On Sat, 27 Apr 1996, Black Unicorn wrote:

On Sat, 27 Apr 1996, Sentiono Leowinata wrote:

...

I wonder how they can get the e-mail address? Our finger daemon are blocked. Many un-broadcast e-mail addresses (the account never send any e-mails to anyone) are in the database. How? Furthermore, isn't it also privacy invasion? Would any hackers or expert people kindly to tell me how to block further threat like this?

Use a nym.

This doesn't necessarily help if you work or study at a large institution (stanford.edu, for example). It depends on what you want to keep private. If I want to moonlight or carry on a political discussion, I can use untraceable nyms, but if someone wants to know where Rich Graves works, then there is no way for me to stop them from finding out. That's not a problem for me, obviously, but I've got 30,000 other people to worry about. What whowhere.com did (whoswhere was a typo, yes -- it was late, and I was rather pissed off) was grab the password file some time ago. We know that they grabbed the password file because they have misspellings, odd capitalizations, and daemon/group IDs that appear *only* in the password file. We know exactly when they did it, because the password file is built sequentially. They have everything up to line 26,667, and nothing after that line. We know exactly when account 26,668 was opened. Search for "SITN Account" at organization "stanford.edu". These are kerberos IDs that have never had email addresses. They have never existed outside the password file. They also have password files from a few other large educational and commercial organizations. It is not clear that they broke the law getting our password file, but in at least two other cases, it is. The threat profile is this. We've got grad students and visiting lecturers from repressive countries, or good-guy countries threatened by terrorists. We've got some really famous people who don't want to be stalked. These people have unlisted phone numbers, unlisted email addresses, unlisted physical addresses, and if you call the registrar for a transcript, the registrar will neither confirm nor deny that Stanford has ever heard of such a person. If you finger @stanford.edu, these people will never show up, no matter how you formulate the query. They're simply not in any directory database. If you grep one of the files that whowhere.com OBVIOUSLY used to build its database, some of these people do show up. If you then finger that address specifically, you might get the last login time and location, which might tell you exactly where they live and work on campus. You can then send a package with excessive postage, or something like that. Never mind women (or men) being stalked by sticky-fingered psychopaths. One person's paranoia is another person's reality. In a way, I suppose we're "asking for it," because anyone with a reasonable level of technical knowledge would know that the password file the whowhere.com guys took is vulnerable, but the users who are now in a public directory without their knowledge or consent were NOT asking for it. Since the fact that they're at Stanford is one of the things some of them might want to keep secret, there is no satisfactory compromise short of removing all names and addresses collected in such unethical ways. whowhere.com is in Mountain View; its principals live in Palo Alto, a ten-minute bike ride from campus. If some (former) Stanford affiliate helped them out, they're in trouble. If some (former) Stanford affiliate didn't help them out, then they're in a lot more trouble. They also have an entry for me as "Dick Graves - CDA Investigator." I believe I used this in the From: line of two posts to su.* newsgroups that do not propagate beyond nntp.stanford.edu. The presence of this address means that they were building their database on Stanford computers, which is a big, big no-no. -rich

On Sat, 27 Apr 1996, Black Unicorn wrote:

...

...

[Unicorn of Color:] Use a nym. [Me:] This doesn't necessarily help if you work or study at a large institution (stanford.edu, for example). [Unicorn of Color:] I think you took my comment in a smaller scope than it was intended.

Use a nym. If you want absolute privacy, work and study under a nym. It's hardly difficult, you just have to start early.

I disagree that it's "hardly difficult" for most normal people. There are bits and pieces of helpful information around, but they tend to be in tax-protester-type rags that also contain a lot of loony stuff guaranteed to land you in jail. And many of them are just snake oil scams themselves. You know the difference, but I'm only starting to learn to, and Joe Schmo hasn't a chance. Anyway, I can't work for an organization like Stanford University without a real name and Social Security number. In theory, I suppose, that real name and Social Security number don't need to be the only ones I have.

Depending on someone else (university, employer, government, phonecompany etc.) to protect data for you is, in my view, foolish.

In this case, I am the "someone else." How do I behave responsibly when I have thousands of people coming in every Fall with no clue about privacy issues? I have to go after the leaks. Of course I know that none of my clients has any real security or privacy, but stopping such information from being trivially available on public web servers at least helps stave off the random nutcase. Restricting the field to more specific nutcases, with or without official titles, helps with the threat profile. It was an uphill battle just to delink identity, location, and DNS registration. It used to be that you could pinpoint a student's name, address, and telephone number by their personal computer's static IP address. They weren't even told that this was possible. On yesterday's lovey-dovey research/educational Internet where everybody trusted everybody else, it was just more efficient for troubleshooters and system administrators to know where everybody was. Now, it's a scarier world, and we all know that, but it's tough convincing people to change a system that works. My personal choice has been (near-) complete openness, because I ironically feel more secure if it is trivial for certain very specific nutcases to verify that I pose no threat to them. I do not wish my enemies to be paranoid. Paranoid people break things. I've chosen the security of the high ground rather than the secuurity of the cave. Of course, I'm learning to keep my personal life personal, and one day, I might find it useful to disappear. -rich

On Sat, 27 Apr 1996, Rich Graves wrote:

On Sat, 27 Apr 1996, Black Unicorn wrote:

...

[Unicorn of Color:] I think you took my comment in a smaller scope than it was intended.

Use a nym. If you want absolute privacy, work and study under a nym. It's hardly difficult, you just have to start early.

I disagree that it's "hardly difficult" for most normal people. There are bits and pieces of helpful information around, but they tend to be in tax-protester-type rags that also contain a lot of loony stuff guaranteed to land you in jail. And many of them are just snake oil scams themselves. You know the difference, but I'm only starting to learn to, and Joe Schmo hasn't a chance.

It's an informational issue, not a logistical problem. This much is true. But think of it this way. Joe Blow's house burns down, taking with it all his documentation. Even Joe Blow has to be able to replace it all even with no credentials. So what makes you and Joe Blow distinct when you're standing in line to get those credentials? That should give you some idea of the (lack of) difficulty.

Anyway, I can't work for an organization like Stanford University without a real name and Social Security number.

I challenge this assumption.

In theory, I suppose, that real name and Social Security number don't need to be the only ones I have.

Precisely.

...

Depending on someone else (university, employer, government, phonecompany etc.) to protect data for you is, in my view, foolish.

In this case, I am the "someone else." How do I behave responsibly when I have thousands of people coming in every Fall with no clue about privacy issues?

[...]

It was an uphill battle just to delink identity, location, and DNS registration. It used to be that you could pinpoint a student's name, address, and telephone number by their personal computer's static IP address. They weren't even told that this was possible. On yesterday's lovey-dovey research/educational Internet where everybody trusted everybody else, it was just more efficient for troubleshooters and system administrators to know where everybody was. Now, it's a scarier world, and we all know that, but it's tough convincing people to change a system that works.

I applaud your efforts, but the 'one good administrator' can only do so much. In the end if people want privacy they have to work for it themselves. The goal in my view is to promote an atmosphere where that kind of self-insurance is possible, not one that puts the responsibility in the hands of government, or the system administrator.

My personal choice has been (near-) complete openness, because I ironically feel more secure if it is trivial for certain very specific nutcases to verify that I pose no threat to them. I do not wish my enemies to be paranoid. Paranoid people break things.

The nice thing about paranoids, and other privacy invaders, is that when they have an answer to a question they usually stop looking. Provide them with an answer. --- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com

On Sat, 27 Apr 1996, Sentiono Leowinata wrote:

I wonder how they can get the e-mail address? Our finger daemon are blocked. Many un-broadcast e-mail addresses (the account never send any e-mails to anyone) are in the database. How?

It's a sad fact that many unscrupulous(sp?) writers of WWW pages use non-visilble "on load" HTML to record what the web browser thinks the email address of the person browsing the page, and, I presume sell this info to the junk email producers. Part of the WhoWhere archives could have come from such sources. (personally my address in netscape is stop.stealing@addresses.you.CENSORED) If one really set ones mind to it, I guess that grepping through mailing list archives for addresses, and using a webcrawler to search for MAILTO= would lead to many thousands, or even hundreds of thousands, of addresses. On the plus side, the search engine will not let "*","\*","?*" and so be used, and there are no real matches for "root", apart from stuff like "Bob Root" etc. -- Gus <angus@bmsysltd.demon.co.uk> |-|PGP Fingerprint = 73 83 C0 EA 2E A6 00 3E http://www.thepulse.co.uk/angus |=|(Key on request) 08 B1 19 0D 8B BE 87 B9 CIS 100545.720 |+| "Linux - You know you want to." | "fuck" |Advertising/Promotional email will result in a campaign of hatred and abuse|

I looked up Stephen Hawking in their "database". The appalling result:

Name: Stephen Hawking E-mail: retard@dribble.net Last Updated: Mar '96 Address: 1, Crip Street Cambridge Disabled UK Phone: URL: http://www.damtp.cam.ac.uk/DAMTP/user/hawking/

Message: Ngghhh ngghy mmmfffgffff ngggnnhghh

Sign me up for the IPO... -- Will