Hiding in plain sight

In this age of ‘Big Data’ the masters are the ones who hide in plain sight. If you generate billions of media bits that must be parsed by the powers that be, the devil really is in the details.

During a stint in a fraud unit I learned that the trick wasn’t to read all the monitored data, but to build patterns of ‘normal’ for everyone monitored. If the patterned changed then something had changed, and an investigator was assigned.

Another article I keep remembering is an interview with with a ‘Ninja Assissan’ who was quoted as;

” I never sleep in the same bed two nights in a row (he had 5 bedrooms), and he never ate the same thing for breakfast (though he always ate what he wanted)

Hence the pattern he would generate would always be random, and therefore a consistent repeated event would be considered abnormal and a ‘red flag’ that something wasn’t normal.

So to hide, and maintain privacy would be to either overwhelm the bit watchers, or develop such a random lifestyle as to make normal pattern matching methods useless.

anyone want to be a Ninja Assissan?

UPDATE: Pattern Reconition

UPDATE 2: Global consumer data broker plans to reveal your data

If you Can’t dazzle them with data, baffle them with Bull Shit!!!

UPDATE 3: Just so you know: US government is hoovering data from Apple, Microsoft and Google servers

Skype security, and privacy

Communications and privacy will always be a concern, any protocol a computer can generate can be broken, the question is how long, and how important.

If your ego about your importance in the world is justified by others, then expect them to be listening. You can only slow them down.

For the rest of us, who are meaningless, no one will take the time to break through tissue paper to listen in on us. And we are safe enough.

If you seek real security, don’t use a computer to encrypt your message, find a better way.

Internet Privacy myths

One of the enduring myths of the internet is the one involving privacy. This article on CNN titled U.S. enables Chinese hacking of Google takes umbrage at the notion that everyones email is secret and private. And while this myth might comfort many, the truth is that email was NEVER private. Every email host, every email relay was able, and in fact, completely open to reading, scanning and snooping, by man-in-the-middle processes and furthermore always has been since the beginning of the internet. And even if everyone was using https or ssh with their email clients while connected to their mail server, it did not encrypt the contents of the email. It may have minimized the likelihood of it being read in the data stream, but unless you were in the habit of encrypting your email with PGP or some other cypher your email and hence your ‘Privacy’ is negligible, hence, the privacy myth.

And while on the CNN article the discussions brought up the same old saw that governments HAD to have backdoors to snoop on email communications to prevent crime and terrorism without the concern that at no time has it proved itself in practice. Anyone wishing to sent communication, and have it stay private can do so, even in the face of a dedicated snoop. Anyone who had even browsed an encryption textbook can create a completely uncrackable code, and I mean uncrackable by anyone, by any means and present their messages in plain text in emails. Hacking them by any government is merely security theater and fundamentally has NO value.

If you seek ‘privacy’ stop sending anything through the internet unless it is encrypted by at least PGP (if not something more substantial). The only thing Google has lost in this privacy issue is the trust of their users to protect their email ‘publications’ on the internet. Now everyone will know that they have another recipient to all their emails, in other words, all the other governments, hackers, scammers and spammers in the internet.

Cork Cliques

One of the first things I had heard about Co. Cork is the Cliquish nature of Cork. Everyone is always saying Cork is a small place, but when you are out in Cork, you are out forever. There are no open doors here, and no friendship extended. If I and my wife were not already rather private and reclusive, Cork would surely make us very lonely, and she grew up here. We have many times the friends online than we have in the whole of the Cork. Still it bugs me, but efforts to extend our circle have been proving fruitless and a waste of time as exampled in my last post.

Crypto in the personal privacy world

I was recently presented with The Code Book and while leafing through the pages during a moment of boredom I managed to create a simple crypto using the Julius Caesar character substitution method using Sybase T-SQL. And though I’m sure that the resulting encrypted text could be broken with brute force, it would not be easy, nor very worthwhile for most messaging.

In this world of spying and privacy invasion from all directions, a little personal crypto might be in order, particularly if one is inclined to be suspicious of commercial algorithms. and while this stored procedure is simple, it can be enhanced, feel free to use it for your own needs.

CREATE PROCEDURE dbo.simple_crypto
(
@key_word varchar(25),
@message varchar(255),
@direction varchar(8)
)
as

set nocount on

declare
@key_input varchar(20),
@key varchar(27),
@key2 char(27),
@olumn int, @olumnk int,
@input varchar(255),
@olumnb int,
@output varchar(255),
@out char(1), @a_char char(1),
@undone varchar(255),
@count int

select @count = 97, @olumnk = 1
select @key_input = lower(@key_word) –‘branedy’
select @input = lower(@message)

create table #alpha (a_char char(1))

while @count <= 122
begin
insert into #alpha
values (char(@count))

select @count = @count + 1
end

select @key = char(32)

while @olumnk <= datalength(@key_input)
begin
select @out = substring(@key_input, @olumnk, 1)

delete from #alpha where a_char = @out

if @@rowcount = 1
begin
select @key = @key + @out
end

select @olumnk = @olumnk+1

end

select @key = @key + a_char from #alpha

drop table #alpha

select
@olumn = 1,
@olumnb = 1,
@key2 = ‘abcdefghijklmnopqrstuvwxyz{‘

—————–encrypt

if @direction = ‘Cipher’
begin

while @olumnb <= datalength(@input)
begin
select @output = @output + char(charindex(substring(@input, @olumnb,1), @key) + 96)
select @olumnb = @olumnb+1
end

select @input + ‘ = ‘ + @output as ‘Encrypted’

end
——————————————-decrypt

if @direction = ‘Decipher’
begin

select @output =@message

while @olumn <= datalength(@output)
begin
select
@undone = @undone+ char(ascii(substring(@key, charindex(substring(@output, @olumn,1), @key2),1))) –,
select @olumn = @olumn+1
end

select @output + ‘ = ‘ + @undone as ‘Decrypted’
end

——————————–

select ‘From the key ‘ + @key

return
GO

Irish Rights gets visibility

Digital Rights Ireland has gained new visibility in this article Digital rights activists take aim at EU data laws And more power to them. It’s about time that the governments of EU remember who they work for, the citizens of the EU.

As in the words of V ‘people shouldn’t be afraid of their governments, governments should be afraid of their citizens’