Tuesday, July 19, 2005

Online Security

The people hanging around at Making Light know about semi-publicity: they've published in print, they've done fanzines, they know from conferences, they remember their usenet. And it's interesting to note that as condemnatory they are against Helaine Olen, they tend to remind readers about how vulnerable they are to searches. James MacDonald reminds people of his basic online aphorisms:

1. There are no secrets.

2. Don't say anything to anyone anywhere that you don't want to hear Dan Rather read on the Six O'Clock News.

By which, he later clarifies, he means nothing you'd not be willing to defend and stand for--no matter how unpopular--under scrutiny.

More elucidating are Kathryn Cramer's remarks about tracing IP addresses. (I happened to witness in real-time K. C. being swarmed by LGF trolls and thought that she dealt with them with impressive professionalism, given the largely apolitical nature of her blog.) What Kathryn points out is that every time one leaves a comment on a blog, one usually also leaves one's IP address. This address can usually be cross-referenced against an online blog or email address. Once an IP address has been definitely linked to an online handle, the online community can ostracize you or, under various and so-far nefarious proceedings, can out you under your real name. Every time you register a comment from your home computer or a log-in network, no matter how pseudonymous your online persona, you are leaving a trace that could be followed, should someone choose to do so.

Again, should someone choose to do so. Most of us are safe--statistics, after all, are on our side. But we should not get complacent; the nature of privacy is changing, and many of us are making our private lives public before we really understand what havok publicity can make of us. A little old-fashioned paranoia would not do the blogosphere any harm at this point.


Anonymous eerie:

Tracing an IP address to a person's name is actually fairly difficult. First, you have to assume that the person is using their computer at home, then you have to assume that their IP address is static (e.g. does not change over a given time interval). People on DSL or dialup often have dynamically allocated IPs that change every time they connect, or change multiple times during one online session.

If dynamic IP allocation is used, or they're using an internet cafe, or stealing someone else's wireless access, or are not the primary ISP account holder, or don't post anywhere on the internet under their real name, it becomes a lot harder.

People can also use proxy servers to conceal their IP addresses while surfing. A person with the right skillset can do a lot to conceal their identity online.

Having said that, a person with the right skillset and enough motivation can probably find out a lot about someone, particularly if they're careless or have little understanding of how the internet works.

Paranoia is the main reason I keep my journal locked, make sure my real name never appears on Google and only comment in "trusted" spaces.

7/19/2005 10:33:00 PM  
Blogger Jackmormon:

You're right, of course, that people who know what they're doing can protect their privacy much better than those who don't, and that an IP address, however bannable, is not neccessarily traceable to a real name.

A recognizable and stable handle, however, could be traced across a number of IP addresses, maybe eventually to a real person. Since the continuity of a given handle is almost a kind of currency in the online world, people have an added incentive to give themselves recognizable names even when their IP has shifted. One of the IPs from which an online person has posted is almost surely "home." From there, yes, it might take some real skills to unlock the real name. On the other hand, it might take another online project, perhaps more respectable, logged from the some IP address, to unlock the real name. At the end of the day, when a big online community wants to unleash its wrath on someone, they'll usually manage to find a hacker somewhere.

(After installing the very useful Statmeter, I discovered that a couple of my visitors who seemed to be connected via Norway--home to some well-known hackers--had listed as their referring link, "Not Your Business." Needless to say, Statmeter did not log their IP addresses. I wonder what software that is! On the other hand, I also discovered that I have a couple of regular readers who work in the federal government of Canada in Ottawa. *Waves!*)

I'm not particularly techno-savvy, but I have an active imagination. So I stay anonymous and try not to write silly things, hoping that if I'm ever outed, I won't have so much to worry about. A lot of bloggers seem to think that finding them would be impossible or unlikely. There are a ton of people coming online, and many of the younger ones are writing up their own reality-shows in front of an undetermined audience. A little paranoia could go a long way for these folks.

By the way, Eerie, I enjoyed your first post for 'Aqoul, the review of the Arabian-themed Chicklit novel, but when I went back to it a couple days later, it was gone from the site. As it inspired me to go back and read one of the Ur-texts of European seduction by Arabs, E.M. Hull's The Sheik, I wanted to link to your review in order to frame my post. So where did your post go?

7/19/2005 11:26:00 PM  
Blogger Jackmormon:

Correction: make that Ontario, Toronto, Canadia.

You--I do suspect this "you" is singular--return, and I'm happy that this site has brought you pleasure. I won't seek you out; I have no reason to do so. And I don't have your specific IP address: Statmeter gives me a generic "Government of The Province of Ontario" generator.

Of course I could suspect that you use the Roger's Cable Inc. to view this site. The only other Ontario-logged reader who accesses this site without a referring link is the Roger's IP.

Maybe the two are the same; maybe not. I personally don't care. (For me it's: yay, readers!) Someone could care, however, and with a continuous handle on postings available, someone could make connections.

7/19/2005 11:53:00 PM  
Anonymous eerie:

I definitely agree that people are going online and publishing content without a clear understanding of the long-term implications (e.g. being googled by a potential employer). Some are aware and have periodic freaking-out/locking-down sessions over it (e.g. Col), which is a shame.

Oh, and I did mention you in my LJ a while back, a few people may have bookmarked you (=no referrer) :)

Re: the chicklit article, it's probably in the system somewhere, though it may have been deleted in the early stages of configuring/building the blog. I'll go look and send you a link.

7/20/2005 10:48:00 PM  
Blogger Jackmormon:

I was poking around the EFF site's FAQ about blogging security today, which explained various software options that would anonymize not just blogging but also commenting. I'm seriously thinking about downloading it, even though I've enjoyed my Statmeter.

Thanks for the plug on your LJ. Will I someday get to read it? Amd yes! send me the link to your chicklit review!

(BTW: When I was looking up Amazon reviews for the Hull book, I found out that there's a recent little cottage industry in Sheik-themed romance novels. If there really is an uptick recently, it would be interesting to me to try and sort through reasons why.)

7/21/2005 01:37:00 AM  

Post a Comment

<< Home