While investigating the privacy implications of retired Gen. David Petraeus’s affair, the Daily Dot encountered several “old wives’ tales” of Internet privacy, especially centered around email security. One was the persistent fiction that by trading draft emails in a shared account, users can avoid both technical detection and legal seizure of their information. The other is that by not putting your name on something, you’ve made it anonymous. Neither of these is true, for the record.
We wondered if there were any more of these privacy fables, so we contacted several experts in the area of Internet privacy. It turns out there were a few.
“Are there old wives’ tales relating to privacy?” asked Andrew Lewman, executive director of the Tor Project. “Yes. Hundreds of them.”
Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, listed a few of them for us. These were seconded, and expanded, by commenters on Adam Shostack’s New School Security blog.
- Deleted emails are permanently deleted.
- There’s no way anyone can get their “off the record” instant messaging chats.
- People can “anonymously” send email without doing anything to obfuscate their IP address.
- Legal disclaimers at the end of emails are binding.
- Avoiding email and social networks makes you unreadable (companies can build your social map in reverse from other users).
What other common myths are out there, being handed down and forwarded across the Web?
Ye olde times
Back in the early days of blogging, the major fiction was that no one was reading something as insignificant as a blog. The arrests of bloggers in China, Iran, Egypt, and elsewhere quickly ended that expensive misapprehension. Then, the thought was that if you did not put your name on your blog and, later, signed up for social media tools and networks with a false name, that would protect you.
It may have for a while, but the security services of various countries quickly figured out that if you mentioned you were a doctor and that you lived in Luxor and that you lived in a house near the river with your aging parents, some door-knocking would turn you out.
Circumvention tools like Tor and Peacefire/Circumventor came up, proxy sites proliferated and PGP encryption became prevalent. These tools allow Web users to interact with sites without showing the distinct IP addresses of their computers. Some used them, but many were using social media because it was easy; they had things other than technology to pay attention to, and felt daunted by anything more difficult than WordPress or Facebook.
At the same time, those governments and nongovernmental groups with a vested interest in keeping control over people got much techier, much more quickly than many of the accountants, students, and union leaders using the technology. It is rare that a government does not have a tech-focused investigation unit in their state security apparatus.
The nature of email
Much of this is the result of people naturally tending to think of their email (as per the name) as a species of mail. The niceties of the law have not followed that thinking.
Lewman told the Daily Dot he believed the fulcrum of the issue is the nature of the “third party service” the Web is dependent on. By using nearly any service online, you are giving your information, and that of the person or people with whom you are communicating, into the hands of an entity outside your conversation.
“In the U.S.,” Lewman said, “the third party doctrine means you’ve given up all privacy and control of that information.”
There is some indication of a change starting. Fakhoury notes the Sixth Circuit Court of Appeals’ decision in U.S. vs. Warshak (PDF), which established some expectation of privacy when it comes to email held by third parties.
“The challenge for someone wanting to control their identity and facets of privacy,” Lewman said, “is to understand the difference between content and envelope data.”
Content is the “Dear John” of your email. The envelope data can be thought of as the sender and recipient addresses. From that information alone a dedicated organization can build up a mighty picture of you and your communication.
“Think of the post office or UPS or FedEx,” Lewman said. “They don’t open your packages, but can build a huge profile of you by simply recording the to and from addresses, the size of the package, and frequency of the packages. If they then go one step further and map out the addresses, they can learn more about what you’re doing via the mail.”
Even if those seeking this information are not out to nail you, it is still disconcerting for many.
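To make the content-versus-envelope distinction concrete, here is an added example (not from the article or from the Tor Project) that builds a profile of who talks to whom, how often, at what hour and with how much data, from constructed email headers only, without ever reading a body. The addresses and timestamps are made up.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample mailbox: real headers, throwaway bodies. The analysis below
# only uses "envelope" data (who, when, how big), never the body text.
SAMPLE_MAILBOX = [
    "From: alice@example.org\nTo: bob@example.net\nDate: Mon, 05 Nov 2012 08:12:00 +0000\n\n" + "x" * 1200,
    "From: alice@example.org\nTo: bob@example.net\nDate: Tue, 06 Nov 2012 08:20:00 +0000\n\n" + "x" * 900,
    "From: bob@example.net\nTo: alice@example.org\nDate: Tue, 06 Nov 2012 23:45:00 +0000\n\n" + "x" * 40000,
    "From: alice@example.org\nTo: clinic@example.com\nDate: Wed, 07 Nov 2012 08:05:00 +0000\n\n" + "x" * 300,
]

def envelope_profile(raw_messages):
    """Per sender/recipient pair: message count, total bytes and hour-of-day
    histogram. This is the postal analogy from the article: addresses, parcel
    size and frequency, with the parcel never opened."""
    profile = defaultdict(lambda: {"count": 0, "bytes": 0, "hours": Counter()})
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg["From"])[1]
        recipient = parseaddr(msg["To"])[1]
        when = parsedate_to_datetime(msg["Date"])
        size = len(raw.encode())          # size on the wire, like parcel weight
        entry = profile[(sender, recipient)]
        entry["count"] += 1
        entry["bytes"] += size
        entry["hours"][when.hour] += 1
    return dict(profile)

def contacts_of(profile, address):
    """Everyone the given address exchanged mail with, in either direction:
    the "social map" that needs no content at all."""
    peers = set()
    for sender, recipient in profile:
        if sender == address:
            peers.add(recipient)
        elif recipient == address:
            peers.add(sender)
    return sorted(peers)

if __name__ == "__main__":
    prof = envelope_profile(SAMPLE_MAILBOX)
    for pair, stats in prof.items():
        print(pair, stats["count"], "msgs,", stats["bytes"], "bytes, hours", dict(stats["hours"]))
    print("alice talks to:", contacts_of(prof, "alice@example.org"))
```

Even on four messages the envelope alone shows a morning routine, a large late-night reply, and a contact at a clinic; scale that to months of traffic and the picture Lewman describes emerges.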
Turning the tables
How easy is it to map out that sort of information? Lewman looked at the Daily Dot and shared the following:
“Your site itself and the media content network is hosted by EdgeCast Networks in California. Your email is handled by Google mail for domains. You have eleven other domains called by the site.
“If someone started writing harassing comments on your articles, they not only leave a trail on your website, but with 11 other sites around the Internet. Law enforcement isn’t stupid; they are going to poll all eleven domains to get information about the post at the exact timestamp of the posts.
“This may be good if you want the police to do their job and hunt down the person. However, if you’re an activist in a hostile regime or an abuse victim trying to discreetly find help, you’ve leaked info in lots of places inadvertently. All this because you wanted to view an article on sexism at comic cons. ;)”
“We’re not saying ‘trust no one,’” Lewman clarified. “But we are saying ‘get educated and make your own risk assessments.’”
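A site owner can count those “other domains” for themselves. The following added example (not from the article or from the Tor Project) lists the outside hosts a constructed article page makes a reader’s browser contact automatically; every such host receives the reader’s IP address and a timestamp, exactly the trail Lewman describes. The hostnames are invented.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a news article pulling resources from several
# outside hosts (CDN, analytics, ad pixel, comment widget).
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://cdn.example-news.test/site.css">
<script src="https://analytics.tracker.test/collect.js"></script>
<script src="/js/app.js"></script>
</head><body>
<img src="//images.example-news.test/hero.jpg">
<img src="https://ads.adnetwork.test/pixel.gif?article=123">
<iframe src="https://comments.widget.test/embed?page=123"></iframe>
<a href="https://other-site.test/story">related</a>
</body></html>
"""

class ResourceCollector(HTMLParser):
    """Collect URLs the browser fetches on its own while rendering the page.
    Plain links (<a href>) are excluded: they load only if the reader clicks."""
    AUTO_LOAD = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = self.AUTO_LOAD.get(tag)
        if attr:
            for name, value in attrs:
                if name == attr and value:
                    self.urls.append(value)

def third_party_hosts(html, first_party):
    """Hosts outside first_party (and its subdomains) that learn a reader's IP
    address and visit time just because the page embeds their content."""
    collector = ResourceCollector()
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        host = urlparse(url, scheme="https").hostname   # "//host/path" works too
        if host and host != first_party and not host.endswith("." + first_party):
            hosts.add(host)
    return sorted(hosts)

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_HTML, "example-news.test"))
```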
Even if and especially when
According to Bennett Haselton, director of Peacefire, even if you employ encryption and circumvention software, their mere use can open you up to suspicion.
“People forget that even though encryption can prevent an adversary from seeing what you’re doing,” he told the Daily Dot, “they can still see that you are using an encrypted connection… to hide your documents, and that can draw attention to yourself or arouse further suspicion if you’re already being watched.”
The ultimate solution to that? Shipping computers with built-in encryption, as he argues in an article on Slashdot. Frankly, if you’re waiting for that to happen, you may wait for a long time.
The short-term solution might be to use… Gmail.
“If you’re in a hostile country that doesn’t block Gmail,” Haselton said, “just connect to Gmail, because all traffic to and from Gmail is encrypted. More importantly, everybody who connects to Gmail, connects over an encrypted connection, which means that your connection to Gmail won’t look any different from anyone else’s connection to Gmail, so you can avoid attracting attention to yourself.”
And so, the circle of life is complete.
The point is not that you cannot be safe, that you cannot maintain privacy online. The point is you cannot be completely safe at all times and there is no such thing as perfect privacy online ever.
What’s your major malfunction?
The majority of user errors in regards to personal security, according to Fakhoury, “comes from a fundamental misunderstanding about how technology works.”
Lewman agrees and carries the implications forward.
“They cannot assess risks well,” because of this ignorance, “and either give up in some nihilistic vein or just assume someone else has thought about the issues and made smart decisions for them.”
But Cormac Herley, principal researcher in the Machine Learning Department at Microsoft Research, disagreed strenuously in his paper, “So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users” (PDF).
“We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective,” he wrote. “The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort.”
Further, the notion that users are being offered security itself is a fiction.
“Security is not something users are offered and turn down. What they are offered and do turn down is crushingly complex security advice that promises little and delivers less.”
Most attacks, whether by spam or by the FBI, do not cost a user as much money as they cost him or her time. In fact, our lives are all about calculating and leveraging the value of time expenditures. We want to draw dividends that are greater than the time we spend to get them.
To most people, using a tool like Tor seems confusing, or unnecessary, and above all, time-consuming. To some people, a bit of stylish incantatory techno-magic (like using the draft folder) feels like it ought to do the trick. It’s the “truthiness” of online security.
The shabby security used by Petraeus is something that drives most people to either haughty disdain, the medicine cabinet for a bicarbonate of soda, or a dark corner to fumble with their consciences. But the notion that the same rinky-dink, duct-tape Frankensteining might have been used on computer files whose loss could cost lives is cause for much greater concern. In much the same way, someone seizing personal information, whether it’s a law enforcement authority or a Russian hacker gang, seems important enough when it happens to you.
To deal with your own security needs, first you must assess them, realistically. Is your hard drive full of Dave Attell fanfiction? Swiss bank account numbers? Notes on your patients? Plans for your S&M dungeon? Plans for your D&D dungeon?
You have to ascertain your level of protection needs and you have to consult responsible, knowledgeable parties to discover the best way to make sure they’re met. You have to be honest about how much time you’re willing to invest and make sure it’s high-value time that delivers substantial returns.
Illustration by Jason Reed