Tag Archives: privacy

Banks and other organisations are irresponsible to ask for personal details over the ‘phone.

We’ve all had a call from the bank, this is nothing new. However, in today’s day-and-age, why do banks and other organisations we have accounts with think it’s okay to ask for our personal details on the ‘phone?

Several times this week I’ve had a call from my¬† bank. Upon answering, I’ve been told that they want to speak to me about “personal banking matter” and then asked for my personal details. This could be your date of birth, postcode, address, account number or one of many more pieces of personal information. I politely declined, telling the call-centre droid that it was a personal security risk to give this information out on a incoming call. They then proceeded to give me a number to call back on, which I also declined for the same reason. When I called my bank to ask about the call, they told me I did the right thing by not giving my personal information, even though it appears that it was them who called me!

We all know about about identity theft. Many of us have heard of social engineering, so why do supposedly reputable organisations insist on using such poor practice to try and contact us? Surely, we all know that someone can easily ‘phone you and pretend to be someone they’re not? Caller-Line ID is easy to fake if you know how so even the ‘phone number isn’t much use to you.

The FSA should produce guidance on this and banks and other organisations should agree never to ask for information in this way, to help stamp out unintentional information disclosure to nefarious third parties.

But why don’t these organisations seem to care? The answer is simple, all they care about is profit. They are not actually concerned about safeguarding you as long as they turn a profit and as long as it does not harm their reputation. The only way this behaviour is going to stop is if we all refuse to give out this information and make their calling not worthwhile.

So, next time someone calls you like this, I urge you to politely decline to give information. It’s safer for you and if enough of us do it, these organsations will stop trying their luck.

Thought for today

I’m not anti-system. I will support systems that work for the good of society and peacefully object to those that don’t.

I’m not anti-government. I will support a form of government that I broadly trust and believe in and respects my rights as an individual.

I’m not anti-state. I will support a state which enables me to be a free and independent individual and to live my life as I choose without fear of discrimination hate and violence from others. In return I will not show discrimination, hate and violence to others.

I’m not anti-business. I will support businesses that act ethically where they can, in the best interests of human kind. I will do my best to limit my contact with those that don’t.

I’m not anti police. I welcome a police force that protects my human right to live as I choose without fear of violence, discrimination or prejudice but does not intrude on my right of privacy or my right of choice.

So, there’s some themes here:

1) Respect for the individual

2) How does the above apply to the current state of affairs?

3) Tolerance. Are we moving in the right direction? If so, maybe some patience is required and trust in the belief that we will get there.

4) Responsibility. We have a responsibility to society to support that which is good within our society and object to that which is not. Of course, the debate starts when we all try to agree on what’s good.

5) Misinformation. Whether it’s deliberate or unintentional, it clouds the issue greatly. The Internet and the way it makes it so easy for everyone to publish compounds this issue. Before you make a judgment, question the validity of your sources.

Diaspora* – a new social media platform

Many of you use Facebook. However, with decreasing privacy and the fact that FB own your personal data, many are looking for a new social media platform where control can be retained over your data. Enter Diaspora*.

Diaspora* is a new social media platform based on a federated architecture. This means that you can host your data on any one of many public servers, or run your own. The network handles distribution of posts to your friends in much the same way as email; your posts are delivered to your friend’s server directly, there is no central system. This is great for resilience and it is also great for privacy as only the data you specifically allow to leave your server ever does.

There is no advertising on Diaspora*. It features a nice clean, simple web interface and also a mobile site, Android and iPhone apps, just like Facebook does.

I am currently testing a new community Diaspora* server (or Pod, as they are known) with the view of offering access to it to all my friends so we can all start the migration away from Facebook together. Don’t worry though, Diaspora* allows you to cross-post your status to Facebook, Twitter and Tumblr automatically, if you like. This makes the transition easy to manage as your friends who have not yet made the switch can still see your posts.

If course, you’re welcome to use another Pod. One such public Pod is joindiaspora.com, which is run by the founders of Diaspora*.

The first step towards avoiding internet censorship and control (alternative DNS Roots, opennic and why you should care)

As governments and corporations look to exert more control over the internet the issue of avoiding internet censorship and promoting freedom of speech has become a central issue in shaping our internet for the future. To ensure that information is both free and uncensored it is imperative that political and economical forces are not able to unfairly modify the internet architecture for their own purposes. At the centre of this is issue is the Domain Name Service (DNS).

DNS is a directory of computers and their associated names, much like a ‘phone book. When you type an address in to your browser (for example, www.google.co.uk) your computer asks the DNS service to find the IP address that is associated with this address so your computer knows where to connect to to get the page you have requested. The DNS is a hierachical structure, made up of a number of Top Level Domains (TLDs). These TLDs are the right-most part of the adrress, like the .com, .net, .co.uk etc that we all know.

Anyone can run a DNS server. However, to resolve the domains we all know, your server needs to talk to the top-level or root servers. These servers are run by corporations and are distributed around the world. The overall administration of the DNS and IP addressing falls to an organisation called Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is a non-profit organisation which was set up by the US Federal Government to control DNS, which was previously within US Federal remit. The US federal government has retained influence over ICANN, not least because ICANN is operated within US jurisdiction. ICANN charges a large amount of money for the privilege of setting up a TLD or being a reseller for domains within a TLD, which used to be free when the internet was first created.

DNS can also be used to track your internet access. This is because every site you visit generates a DNS request, which can be logged, leaving a record of all of the hosts on the internet that you connect to. DNS can also be used to censor your access; if a domain is removed or blocked from DNS, you cannot resolve the domain name to the IP address on which it is hosted, thus stopping access to the domain. Censorship using DNS blocking has already been implemented in many countries.

However, there is a solution to this invasion of your privacy. Alternate DNS root systems can be used which do not have such censorship. This also provide an added bonus: free to register domains and TLDs, thus making DNS free, open and globally distributed, as it was always intended to be.

One such alternative root provider is opennic. Opennic allows you to resolve a host of new TLDs whilst still allowing access to the existing, ICANN administered domains. It’s easy to use, it just takes a simple configuration change on your PC to benefit. Click this link for more discussion on why this is a good idea and to find out how to make the simple change.

So there we are. Object to censorship, control and artificial costs. Join me in using opennic now and keep internet freedom alive.

Letter to my MP about the Communications Data Bill

Dear Mr ,

I write with reference to the government’s proposed Communications Data
Bill.

Firstly, a little about my background. I am a freelance computer
professional specialising in IT Architecture and IT Security. Over the
last fifteen years I have worked on systems and designs for many public
and private sector clients including <removed for personal privacy reasons>
. I have also been involved in the forensic analysis of data from computer systems.

I have serious concerns about the governments plans and it’s impact on
the individual’s freedoms and human rights. I also have concern about
the efficacy of this method of gathering information and the potential
for misuse of the data gathered, both legally and illegally.

People today have an intimate relationship with the Internet, in many
cases more intimate than relationships they have with other individuals.
For many the Internet is their first port of call if they have a
concern, for example, about a medical or personal problem. The internet
is used to communicate with like minded individuals, to access subject
matter of interest, even to persue someone’s deepest, most private
desires. An individual’s Internet usage therefore reflects their entire
life, even the most private of things like sexual preferences and other
private interests. Collecting data on Internet usage therefore has the
ability to expose an individuals private life in it’s entirety.

I believe data such as this should be private, safeguarded by the basic
human right to privacy that should be offered to every human being. It
is accepted that in society the Government, the Police and the Security
Services sometimes need to delve deeply into someone’s life for reasons
of crime prevention and national security. However, this intrusion must
be justified. Currently, the law provides this safeguard with the
requirement for a warrant to be obtained before this type of data can be
collected. In my view it is incredibly important that this safeguard to
our individual privacy is retained.

There is also a major security issue in collecting and retaining this
information. A leak of this information from an ISP could easily happen.
This could potentially put individuals, particularly those in the public
eye, in a situation where they could be blackmailed, threatened,
compromised or harmed. For ISPs to handle this sort of information,
there is also a wider issue here; should ISP staff be subject to
Security Clearance if they have the potential to access this sort of
sensitive information? Would it be appropriate for this information to
be officially classified as Confidential, Restricted, Secret or above?

Information that could be collected under the Communications Data Bill
will not be effective in fighting terrorism and organised crime as has
been stated by the government. I can think of many ways that an
individual could circumvent these measures. For an organised group the
possibilities to avoid detection are even greater. Instead, the data
generated will only really be useful for monitoring and profiling the
innocent. Fear of being caught for doing something that is completely
innocent could do the greatest harm, with individuals, particularly
young people, afraid of seeking information for fear of being
criminalised for it. Profiling in particular is also a major concern as
it effectively criminalises individuals or singles them out for special
attention based on probability. It is incredibly important to remember
that an individual is not a criminal unless they have actually broken
the law. It should also be noted that it would be easy for criminal
groups to resort to more traditional techniques of communication, thus
circumventing this proposed legislation entirely.

– From a technical perspective, the technical implementation of this
Bill runs the risk of harming the internet experience for many, causing
slowdown, breakages and difficulty in accessing sites, at least in the
beginning. The heavy technical requirements in terms of skill and
investment favours the very large ISPs and penalises smaller companies.
Some websites do not function correctly when used via an internet proxy
and some ISPs may not be able or willing to make the investment in
infrastructure required to provide a performant web proxy solution. I
worked on one of the UKs larger proxy deployments for the [removed for privacy reasons] and I can
assure you that the hardware and skill requirements to provide this type
of service are significant. Someone has to pay for this and this will
always be the public, either by increased internet costs, taxation or both.

This bill also preys on the public’s lack of understanding of the
technical issues surrounding this issue. Whilst saying these measures
will enable the Police and Security Services to catch more terrorists,
criminals and paedophiles is very emotive, in the real world I do not
expect a statistically significant increase in apprehension rates as a
direct result of this legislation. I therefore find it difficult to
accept the investment required as there is no real benefit to be gained
from it. I also find it impossible to justify this gross breach of
individual rights for so little gain. To me this Bill is little more
than policing by numbers; monitor enough people and eventually you’ll
find a criminal. This is not by any intelligent process but pure statistics.

I would therefore urge you to consider opposing the proposed
Communications Data Bill in its entirety.

Yours faithfully

Simon