Privacy is the ability to lie about yourself without getting caught

Check out this old article by Dave Kearns about a presentation by Bob Blakley on the subject of Privacy.

Blakley spoke on the topic “What is Privacy, Really?” a subject near and dear to him as well as to many others in the identity realm. Privacy was, in fact, one of the driving forces behind the so-called “user-centric identity” movement.

But privacy is a widely misunderstood concept. It’s frequently confused with anonymity, often confounded with security and colloquially termed the “right” to be “left alone.” As Blakley puts it, “I don’t want to be alone, but I still want privacy.”

After about 20 minutes of telling us what privacy wasn’t, Blakley came around to stating what it was: “The ability to lie about yourself and get away with it.”

He was quick to point out that it wasn’t positing a right to lie (that’s an ethical, or legal question), just the ability to lie. What that means is that when someone asks you a question and you reply with an answer, the questioner cannot judge the veracity of your information. As Blakley more elegantly stated it: “If you could tell a listener the truth or tell him a lie … And if he would accept either story … then he has given you the benefit of the doubt…”

I think a lot of us take advantage of the ability to lie by providing false information on intrusive web forms. Another element of privacy that this definition does not quite capture is that the information submitted by a user is contained at the site and not shared with any other sites… No wonder people have a difficult time defining privacy and just want it to be left alone.

Attack of the Bots

Check out the great article in Wired magazine regarding the power and menace of bots and their controllers:

AT FIRST, IT LOOKED LIKE typical network congestion. So the system administrators weren’t too concerned when TypePad blogs and LiveJournal social networks flickered like a light bulb in a faulty socket. But 15 minutes later, at 4 pm on May 2, 2006, the sites went dark, and so did the mood at Six Apart, the company that owns them. In the blink of an eye, 10 million blogs and online communities disappeared. “It looked like the servers had freaked out,” CEO Barak Berkowitz recalls. Flash floods of data thundered into one network port, stopped inexplicably, then reappeared to overwhelm another. The engineers pored over logs, desperately looking for a cause. After an agonizing hunt, they found it: a distributed denial-of-service attack, or DDoS. Six Apart’s servers had been inundated with so many requests that the machines couldn’t possibly process them all. It was the digital equivalent of filling a fish tank with a fire hose.

“After learning about bots, you might think, ‘I feel hopelessly outgunned and outmatched,’” says Peter Tippett, CTO of security consultancy Cybertrust. “You are.”

It’s a fascinating look into how paid, organized attacks are used to extract money or even shut down companies… It is still the wild, wild west in some areas of the Internet, and without the limitations of geography, it’s hard to see how we will be able to get a handle on these issues. This is going to be a big challenge.