privacy threats

[Damian Gerow]

Thus spake coderman (coderman at gmail.com) [11/04/06 16:24]:
: if you had to rank each of the following in order from greatest to
: least privacy invasion, how would you rank them?
: 
: - global eavesdroppers: NSA, etc.
: - corporate aggregators: Acxiom, ChoicePoint, etc.
: - social network sites and blogs: MySpace, LiveJournal, etc.
: 
: NSA is often a villain due to the shear breadth of data they monitor. 
: But corporate privacy invaders can get a level of detail on your
: person that even Big Brother envies.  and just how much personal
: detail do people willingly broadcast to the world through social
: networks and online journals (knowingly or unknowingly)?

In terms of privacy invasion, I'd probably have to go in the reverse order
you listed.

It's relatively easy to avoid content analysis using things like
cryptography.  That will leaves traffic analysis (who's going where, who's
talking to whom) open, but removes some knowledge.

...  I had some notes here about how the list includes an organization that
performs a certain action (or set thereof), and a source of data.  It's a
difficult comparison, but it's also been many hours since I started writing
this, and the details of my thoughts are nowhere to be found.

: how would you protect your privacy in each of these three contexts?

Global Eavesdroppers: If I'm doing something that I /really/ don't want
$TLA to know about, use some sort of anonymizing, zero-knowledge-ish
system.  A la Freenet or mixminion.  And judicious use of cryptography never
hurts.

Corporate Aggregators: Just don't fill out personal information anywhere.
Or use bogus and contradictory information.

Social networks: Same kind of deal: don't use 'em.  Or, if for some reason I
find myself in a situation where that's not an appealing (or viable) option,
don't use real data.