Sunday, October 15, 2006
Friday, October 06, 2006
NPR: Privacy of IM Chats not Guaranteed
How to Keep Your Instant Messaging to Yourself
by Melody Joy Kramer
Helen King
Instant-messaging-encryption technology prevents hackers and other intermediaries from reading your conversations. Corbis
I've been using instant messaging to talk with my friends since I was 10. I thought I was pretty savvy, but I had no idea that there were so many intermediaries that could potentially log my conversations. I IM'd with Peter Eckersley, a staff technologist at the nonprofit Electronic Frontier Foundation, which works to protect digital rights and user privacy. He explained how IM users can make themselves more secure.
Peter Eckersley*: Hi Melody
Melody Kramer: Hi Peter, how are you?
Eckersley: Very well, thank you :-)
Kramer: This is the first time I've ever conducted an interview via AIM.
Eckersley: It is, I believe, also the first time I have been interviewed this way...
Kramer: but it seems appropriate, given the subject matter...
Kramer: What are the privacy implications of using AIM as a medium?
Kramer: Like, who can be watching your conversation?
Eckersley: So, there are a few layers of likelihood.
Eckersley: It will very often be the case that the person you are speaking to is recording the conversation.
Kramer: Is there a way to tell that?
Eckersley: No.
Eckersley: Even if the instant messaging software itself isn't logging the conversation,
Eckersley: the other party can copy and paste the text of the conversation to save a copy
Kramer: Can the instant messaging company save your messages too?
Eckersley: The instant messaging companies,
Eckersley: could save a copy of the conversation if they wished to
Eckersley: AOL claims that they do not do this routinely,
Eckersley: and that is believable
Eckersley: they would be recording an awful lot of uninteresting conversations
Eckersley: What is more likely is that they keep a record of who is talking to whom
Kramer: could they do it by keyword?
Eckersley: AOL could indeed enable logging by keyword if they wanted to do so
Kramer: What if you used an instant messaging platform that had some kind of encryption? Is that possible?
Eckersley: Any ISP,
Eckersley: or any hacker who had taken over a computer at an ISP
Eckersley: that was somewhere along the route taken by your messages
Eckersley: could, if they wanted to install some fancy monitoring code,
Eckersley: eavesdrop on your conversation
Eckersley: The first benefit of encryption, is that it would make such eavesdropping at least much harder, and often impossible
Kramer: what is [encryption], exactly? -- like does it scramble what you type?
Eckersley: That's right
Eckersley: encryption lets you send a scrambled message so that only someone who has the right key can descramble it
Eckersley: the tricky thing to get right, is to make sure that only the person you want to talk to has the key
Kramer: how do you get a key?
Eckersley: they can be generated by a computer program
Eckersley: Conveniently, there are some [nice] instant messaging encryption plugins around!
Eckersley: I recommend one called OTR
Eckersley: (short for "off the record", not to be confused with Google Talk's Off the Record feature)
Kramer: okay.
Kramer: can you tell me about that one?
Eckersley: you can use OTR with a nifty IM program called GAIM
Eckersley: that will talk to many networks:
Eckersley: AIM, MSN, Yahoo, Jabber, Google
Eckersley: (Oh, by the way: here's a link on how to install GAIM and OTR for windows if anyone wants to : OTR setup)
Kramer: so you can download [OTR] as a plug-in?
Eckersley: yes.
Kramer: Is there a way to protect yourself without using these encryptions, or are these really the best methods?
Eckersley: Well, even the encryption won't protect you against logging by the person you're speaking to
Eckersley: So, it's best not to say things on IM if you don't want them to be recorded
Eckersley: Encryption is just a neat little extra, to be used if you trust your conversation partner,
Eckersley: but are saying things that are so important that you really wouldn't want an eavesdropper to be able to listen
Kramer: so, having said that -- are you logging this chat? :)
Eckersley: Of course.
Kramer: I am as well.
Peter Eckersley: My instant messaging software logs all of the conversations I have
Eckersley: Occasionally, it's quite useful when someone tells you a phone number or something, and you need it six months later :-)
Kramer: but I want to get back to who could be seeing your IMs -- From what you've said, there are 5 people/entities that could be reading what you type: party 1, party 2, a third party, the instant messaging software, and both parties' companies, if they're typing at work.
Kramer: Is there anyone else?
Eckersley: anyone who got a hold of your computer would be able to read logs that were kept on it
Eckersley: so that's one category of potential readers to consider
Kramer: I hadn't thought of that -- I lock my computer with a password.
Eckersley: A password will not slow down a computer forensics person, or even a competent geek.
Kramer: Hmm.
Kramer: I have a lot of competent geeks in my life.
Eckersley: :-)
Eckersley: Also, I think the likelihood of there being a "hacker" is low, but it's theoretically possible
Kramer: Just one more question, though -- is there anything else you'd like instant messaging users to know regarding how they can be safer online?
Eckersley: Hmmm... I don't think so. We've covered the main points: (1) the person you're talking to can be logging the conversation; (2) your computer can be logging the conversation; (3) encryption provides some defense against eavesdropping, but it's not perfect... so (4) do not use IM for really sensitive conversation!
Kramer: Well, thank you very much. This was a great interview!
Kramer: Have a great night!
Eckersley: Thanks!
Eckersley: You too :-)
*For privacy reasons, both of our screen names have been replaced with our real names.
Six Tips to Protect Your Online Search Privacy
* Don't put personally identifying information like your name, address, credit card number, or Social Security number in your searches.
* Don't use a search engine operated by your Internet service provider (ISP).
* Don't log in to your search engine or its related services. So, if you have accounts with services like GMail or Yahoo! Mail, don't use Google or Yahoo!'s search engines, respectively. Or, use one browser for your searches and a different browser for your other activities.
* Block 'cookies' from your search engine.
* Vary your IP address.
* Use web proxies and anonymizing software that masks your IP address and other information that can be used to track you.
'These six steps provide a strong shield against the most common and probable threats to your Internet search privacy,' said EFF Staff Technologist Peter Eckersley.
Protecting search privacy is a particularly acute problem because of ambiguity in current law and the lack of transparency in search providers' data logging practices. Recently, EFF asked the Federal Trade Commission to investigate AOL and require changes in its privacy practices.
'Until Congress clarifies the law and strengthens protections for this sensitive data, self-defense is the best defense,' said EFF Staff Attorney Kevin Bankston. 'Congress should hold hearings and demand clear answers from the"
