/bill's House O Insomnia : Privacy

Using Facebook to launch a Botnet army

William — Sat, 06 Sep 2008 17:07:41 GMT

Wired has a piece talking about how easy this would be to do. It's not entirely speculative since researchers built such a beast. I think the hype is a bit much though. The argument they make could be made for any mechanism that can get people to install software on their own computers. But unlike most other means, such an attack seems really easy to countermeasures. It wouldn't take long to figure it out and Facebook could easily send out a notice telling you to uninstall it. Much like human viruses, computer viruses and botnets are only really effective if they are allowed to exist in the infected host for a period of time, at least long enough to spread in the case of viruses, or long enough to be used in the case of botnets. I'm not so naive to think that some Facebook users aren't all that computer savvy, but overall I think it's a demographic that's fairly sophisticated. And they talk to each other a lot. Even if every facebook users downloaded the app (something really hard to fathom), it seems it would be pretty easy to eradicate. The more popular and more pernicious the bots, the more buzz there would be. That's not to say they don't raise some good points and that Facebook shouldn't try to prevent such things from happening, but it seems like it's only worrisome in the theoretical sense.

Privacy is an outdated notion

William — Mon, 11 Feb 2008 01:16:00 GMT

That's not to say that I like that fact, or that I don't lament it, but if you really think about it, it's hard to deny. After 9/11, I was reading a Wall Street Journal aritcle discussing the national id card. Larry Ellison was a big supporter of it (and more cynical people believed his motivations were financial in that Oracle databases were the most likely ones to be used to implement such a scheme) and countered the privacy objections by saying something to the effect of "privacy is an illusion, you don't have any". He went on to point out that we get filmed x hundred times a day without even knowing it most of the time. All of our cell calls are logged. SMS messages are all logged. Same for email. And since we decreasingly use cash, most of our purchases are tracked as well. So his point is that we'd gain security and give up little to no liberty, so why not? I really hate this fact, but it'd be hard to disagree with him - at least in his assessment of the 'problem', there are many objections against the solution.

This post won't come as a surprise to anyone and I bet to some extent, we've all done this to ourselves already, but it does drive the point home. I remember reading a book called How to Be Invisible several years ago and really liked it. It might sound like one of those Paladin Press "Never pay taxes again" types of books, but it's not. In fact, the author is quite militant when it comes to people using his suggestions to break the law. His whole concept is how to keep yourself off the grid while living legally - that there are many cases of people being stalked, killed, or just bothered b/c of publicly available information so it pays to keep yourself off the grid. After 9/11 he said many of his suggestions should no longer be used b/c trying to keep things private took on a new meaning. I remember the book's opening quote "Government's keep secrets from people, why then should people not be allowed to keep secrets from government" I still paruse his http://www.howtobeinvisible.com/ and this sort of stuff makes me think I ought to go through and read the updated book again.

Mujihadeen Secrets II

William — Mon, 11 Feb 2008 00:25:00 GMT

Increasingly, I read stuff in 'serious' publications and have to wonder if it wasn't supposed to be posted to the Onion instead. This is a perfect example . The map of their 'locations' is priceless.

Is this legal?

William — Sun, 06 Jan 2008 20:15:00 GMT

Bruce Schneier has a new article on a program that Sears is installing on people's computers.

Money quote: "If a kid with a scary hacker name did this sort of thing, he'd be arrested. But this is Sears, so who knows what will happen to them. But what should happen is that the anti-spyware companies should treat this as the malware it is, and not ignore it because it's done by a Fortune 500 company."