Better to cloak SSID? Google won’t say

WiFi users who opt for the convenience of broadcasting their SSIDs rather than cloaking their wireless networks, on the theory that a privacy measure only calls attention to itself, were shocked last week to learn that Google’s Street View vehicles were mapping neighborhoods and logging their open WiFi signals, including the data flowing across the networks.

Google was quick to explain and apologize, but further revelations suggest the extent of the data mining went beyond even tracking computer MAC addresses on the networks. Google appended its mea culpa / won’t-do-it-again to detail the network activity it may have recorded, and now between the lines netizens familiar with sniffing technology can surmise the privacy stalker was taking in quite a bit more.

Here is how Google explained the initial anomaly when news emerged from a German Government probe of their alarming information sweep:

In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.

Who is to say what is “publicly broadcast data?” Users could presume it means unencrypted transmissions, but not necessarily. The real revelation was the suggestion of “payload data.”

Google had to follow up their FAQs when their customers posed some tougher questions:

…it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

We’re getting over the shock of Google ads targeted at us based on where we’ve surfed, subjects about which we’ve emailed, and social network conversations. Get ready for profiling based on file and folder names on our desktop.

Don’t you just have the cutest puppy? Oh yes you do, oh yes you do

When it comes to pets, the grass is always cuter on your own side of the fence. But if you think others might share your myopic affections, All American Pet Brands want to hear from you. Do you imagine the sponsor of the Cutest Dog Competition, maker of Grrrnola, Bowwowbreakfast, Fido Flakes, Chompions, and Chewabunga, is offering iPod Nanos, $500 each week, and a grand prize of one million dollars just to get your dog’s picture, name and address? Almost just.

You may shrug off receiving the odd coupon offer for Fido Flakes, but your address and phone number are marketable information for direct mailers and telephone solicitations from local veterinarians, kennels, groomers, pet stores and carpet cleaners. And that’s just the obvious.

It doesn’t take simply a self-centric sense of aesthetic to fix your eyes on the prize money, or the delusion that everyone you know believes you deserve that award. Putting your dog’s mug online only requires the all-too-human desire to represent for your best friend. What kind of dog lover doesn’t want to honor their dog’s ego? I’ll bet those contacted to vote for a friend’s pet have a nagging conscience until they put up a picture of their own. That’s because it’s infidelity, to a dog’s chief nature, fidelity.

Speaking of nagging, if a child is involved in the household, uploading the photo of the family canine, and your personal data, and returning to the website once every day to vote, is no longer even elective.

What the AAPB outfit in Beverly Hills California is collecting is your social network. Those who can enlist their Facebook friends, the probable winners, will be of less interest than the as-yet unconfirmed email addressees. The users whose dogs will get just a few votes will provide the data clouds that matter.

The information harvested by this contest will add depth to the profiles already circulating about you. Your contacts, their votes, compose an intelligence lattice.

For spooks, the password all participants are required to conjure, simply to vote, may bear no resemblance to the pattern of passwords they use. Although it probably does. Just as might your pet’s name.

Here’s the panel to register for the contest. You can’t collect a check if you give a fake address. And they have a cute chiding about your email too.

It may not matter too that university research labs can find out where to find Fido, as long as they don’t make house calls. I found it a little distressing that the contest entry form asked for your full address, but that apartment or unit number was optional. Would-be pet borrowers are probably deterred by the security of apartment buildings.

When pets do go missing, and their owners surround their neighborhood with Lost Pet fliers, the usual suspects are antifreeze, or abductors who supply private research labs.

Take the ACLU Facebook quiz to see what kind of open book you are

Maybe you don’t fear facing off with an army intelligence interrogator, FBI detective, or secret service agent sitting in a Fusion Center determined to anticipate your next move. But what about a loan officer, insurance adjuster, arbitration negotiator, prospective employer, or plaintiff’s lawyer taking your deposition, who’s armed with your psychological profile made up of your Facebook quiz answers? Your plan to defeat an IRS polygraph by clenching your butt-cheeks is a plan B of olden days. The ACLU has been anticipating these eventualities for you. They’ve devised their own Facebook quiz to illustrate.

The Facebook disclaimer makes clear, between the lines, that when you “allow” an application access to your personal information, the app’s third party can suck up every last detail of your file, “for the quiz to work.” It also grants access to each of your friends’ entire files, each time YOU click “allow.”

Now you may feel like you’ve put everything up on Facebook voluntarily. You can presume your friends did too. And although our info is limited to our friend circles, we probably assume that determined sleuths can extract it all anyway. And that’s certainly true. Even casual idiots can sidle up to glean important details without arousing our suspicions. We presume no insurance company or parole officer is going to preemptively fill their files with happenstance biographical queries, and so we feel safe.

We overlook that the great value of social networks to us, the web of connections, provides the filing tabs by which information aggregators can accumulate their data in a useful, i.e. commercial, manner.

Soon we’ll have to worry about underwriters or graduate schools or fiancé’s parents dismissing us outright based on our DNA. When that day comes, every marriage will be arranged, and preschools will have sufficient information to accept applicants in utero.

For now the thought of an accessible collation of my Watson-Glaser, Yale-Brown, Myers-Briggs, and which-potted-plant-most-resembles-you tests already hinders my being able to look you in the eye. I am who I want to be, and my 16th Century royaum is shrinking.

Trading Benjamins

My 14-year-old son is going to China next month, along with a group of classmates and chaperones. Yesterday I went to Wells Fargo to exchange $400 USD for Chinese yuan. A small currency exchange, cash for cash, very routine. To accomplish the task, however, I was required to provide two forms of identification. This was not a glance-at-the-information kind of ID check, which would’ve been pointless to begin with. No, the clerk put the information into the bank’s database before handing me the money.

I asked her, “Why on earth do you need my personal information to exchange currency?” She said, under her breath, “Have you ever heard of the Patriot Act? The government requires us to gather this information so they can identify potential terrorists.” She went on to tell me that Wells Fargo is the only bank in town still willing to deal in foreign currency. The other banks have opted out so they don’t have to jump through government hoops and engage in data mining to benefit our nosy and intrusive administration.

Walking out of the bank with my red notes, Chairman Mao watching me, gave me a creepy sense of foreboding.

Eavesdropping on a tree in the forest

NEUFREISTADT, SL- Wandering a little in Neufreistadt last night I came upon a chain hanging from a clock tower. Pulling it would ring a bell far above. It was night in Second Life, the moon and I were alone in the NFS sim, mine the only avatar even in the surrounding sims. The obvious question arose, if I were to ring this bell with no one around, would anyone hear it?

Do I know enough to say? A sim owner or manager, that is to say the person who owns that virtual estate or the person given authority to run it, can monitor SL activity without being online. They have a bird’s eye view, or so I understand, an extrasensory perception relating to the realm for which they are responsible. Ordinary users can see and hear what’s in our vicinity, and can sharpen our sight depending on how lifelike we want our faculties. (Actually we can eavesdrop too, with virtual bugs to spy on virtual happenings.) Sim admins have meta power.

Above them, Linden Lab, the real world laboratory which houses Second Life, oversees the mechanics of their virtual creation. Their view is that of lab technician over the maze, watching the mouse try to find the cheese, omnipresent and unobserved if only because of their irrelevance to the reality below.

I cannot say whether any are listening, but I do know that they could. Such is the unexplored, but not indefinite world of virtual reality. You may not have been there before, but someone has, and certainly someone tends to it and has an interest in checking in. And that’s not even to consider the NSA.

Is there a real world anymore where you can act on a thought unobserved? With Google Earth, as an example of surreptitious satellites, could a tree fall, anymore, unheard? Can you travel in your car, sit in your room, whisper out of earshot of your cellphone, and feel you have privacy?

In cyberspace, surveillance is inescapable. But in the virtual dimension, whose landscape is it that’s being watched? Does the virtual world exist on your computer screen as much as it lies in your head? From which are the spooks reporting?

Being seen unseemly

A Pew survey has revealed that self-googles are up, that is the number of people searching for a glimpse of their reflection online. Apparently earlier studies indicated a reluctance on everyone’s part to admit they googled themselves. I’d be inclined to think a narcissist’s curiosity is like nose-picking, we don’t expect our noses to rat us out.

Search engines, internet service providers and browsing software companies are of course in a position to know who searches for what. Isn’t it startling to consider they know when it’s YOU? How closely would you peer into a mirror if you knew so many internet middlemen with clipboards were staring intently back at you?

So your internet connection has a unique Internet Protocol (IP) address (here’s as far as the public can trace yours) and your computer has its own Media Access Control (MAC) address, how do they know it’s YOU?

Cookies and certificates stored by your browser facilitate tracking your online activities. They link the visits and search queries to your computer. Product registrations and credit card payment information link the computer to you.

The pattern of your browsing establishes a profile by which somebody can reliably deduce when your behavior betrays your identity. Suppose for example, atypically, you are playing at Webkinz. It could be surmised that one of your cohabitants, likely already documented, was at the keyboard.