PRIVACY Forum Archive Document
PRIVACY Forum Digest      Friday, 24 December 1999      Volume 08 : Issue 22

(http://www.vortex.com/privacy/priv.08.22)

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    Web Tracking and Data Matching Hit the Campaign Trail
        (Lauren Weinstein; PRIVACY Forum Moderator)
    Who owns your mailing list? Topica.com may have bought it.
        (Allyn Weaks)
    Re: Defective crypto in Netscape mail password saver [V08 #20]
        (Ethan Benson)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing.
Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 08, ISSUE 22

Quote for the day:

"As long as they can think, we'll have our problems..."
-- Eros (Dudley Manlove)
   "Plan 9 From Outer Space" (Reynolds Pictures; 1959)

----------------------------------------------------------------------

Date: Thu, 23 Dec 99 20:40 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Web Tracking and Data Matching Hit the Campaign Trail

Greetings. In yet another example of the "if it's legal, someone will do it" school of data matching and web tracking, it has been revealed that the two leading Republican presidential candidates, Sen. John McCain and Texas Gov. George W. Bush, have contracted with Aristotle Publishing (http://www.aristotle.org) to target web users by matching web browsing habits and web site signup data with actual voter registration records. Apparently these are the only two presidential candidates currently making use of this service, as announced by an Aristotle spokesman.

Aristotle, which describes itself as a "thriving, growing, profitable firm," provides "tools" to political campaigns to "influence public opinion" and "win votes." Their web site apparently can only be viewed if you have javascript enabled--without it you could simply see a blank page.

You may have already been justifiably concerned about DoubleClick, Inc.'s tracking of your behavior over the web, but Aristotle takes consolidation of personal data to a whole new level, by actually combining the information that has been provided by web users (e.g. for various "freebie" web giveaways), with specific and detailed political data such as voter location and party affiliation information, obtained from voter registration rolls.

Maybe you wondered why you seemed to be getting something for nothing at those web sites, and what would really happen to that information you provided to them? Well, now you know. Welcome to the big time.

Once you've been targeted by this system, you'll be presented with the designated candidates' political banner ads on at least 1500 web sites, including some major portal and news sites. Some of these ads, once clicked, entice the user to enter various additional personal information (some of which Aristotle says they don't record).

Of course, to the average web user, there's no clue that they've been the subject of this sort of intensive data matching and rifling through their voter registrations. Most users would probably just assume that the ads popped up at random. Random? Surely you jest!

And golly gee whiz Mr. Wizard, you guessed it, this is all entirely legal. Proponents claim that there've been no significant complaints about the privacy aspects of the operation (perhaps that will change?), and they also suggest that they're no more privacy-invasive than direct mail (wow, now there's a "high" ethical bar to be shooting for if ever I've seen one...) And in fact, Aristotle is obviously proud of the service, since they've posted at least one outside press account on their own web site. (Will this issue of the PRIVACY Forum Digest show up on there? They hereby have my permission...)

Keep in mind that this is just the barest shadow of the sorts of "services" likely to evolve in the near future, given the "wild west" attitude which still prevails regarding personal information. It was bad enough when this only involved search engines and ads for offshore gambling or mailorder sales pitches. But the introduction of the political element directly into the mix should give everyone cause for some serious concern.

I dare say that this calls into sharp focus the abysmal lack of regulations to control the handling and abuse of personal information, regardless of its various sources.
The power of web data collection, tracking, ad presentation, and similar technologies, combined with other traditionally public record data sources (and voter registration rolls are just the tip of the iceberg) creates a scenario that might cause Darth Vader to be jealous.

But of course, it's also possible to hold opposing points of view. Maybe none of this actually matters? Perhaps some persons reading this might feel that there really are no significant privacy problems with these sorts of data collection and matching activities. Perhaps you're not all that concerned about who gets your data or how it's used? Regardless of where you stand on this issue, I'd be interested in hearing your views (please remember to send submissions for possible inclusion in the Digest to privacy@vortex.com).

It does seem bizarre, however, that it appears to be impossible to register to vote in this country without subjecting yourself to these sorts of information manipulations, with apparently no real opt-out available.

Given these developments, perhaps it's no wonder that whenever I see the glowing descriptions of plans for voting over the Internet (already a reality for one state's primary and high on the wish list for many states) I get a cold chill down the back of my spine...

Until next time, all the best for the holidays!

--Lauren--
lauren@vortex.com
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org
Member, ACM Committee on Computers and Public Policy

------------------------------

Date: Wed, 22 Dec 1999 01:18:21 -0800
From: Allyn Weaks <allyn@teleport.com>
Subject: Who owns your mailing list? Topica.com may have bought it.

Who owns your mailing list?

This may be old hat to some, but it was a shock to me. I own a non-free majordomo mailing list at esosoft.com.
List owners generally pay for lists in order to have full control over content and the usual majordomo (or other list server) features. Two weeks ago, we started getting an odd message back when we tried to send admin commands to majordomo. I didn't think to save one, but it was to the effect that majordomo commands were turned off pending an upgrade.

On Wednesday (15 Dec), just before midnight PST, we all received an email proclaiming "Your Esosoft Mailing Lists now Free!". Inside was a hyped up description of how all of our lists were going to be moved to topica.com in one week, and that this is such a wonderful thing because we can get royalties from the advertising that can be added to each message if we request it. (By default, so far, each message 'only' advertises topica.) Meanwhile, during much of this week, admin commands to esosoft's majordomo were disabled, making it impossible to get our subscriber lists or list settings, or maintain the lists, without going through esosoft support (who did a good job--she was as shocked as the rest of us and did her best to help us cope).

One of the long time esosoft mailing list owners has estimated that about 1600 lists were affected. If we assume that there are an average of 300 subscribers per list, that's nearly a half million addresses. How much is that worth to topica? Well, if there are 1600 lists, esosoft is going to have to shell out about $40,000 in refunds to us owners, and they're almost certainly getting a hefty profit out of the deal as well as getting rid of the lists (they apparently want to use those ten servers for higher profit-margin virtual servers.)

Meanwhile, there are at least a hundred of us who are irate that our subscriber lists have been sold to the very worst of the 'free' list sites without our permission (probably many more than a hundred, but some owners probably don't know how to find us, and we don't know how to find them).
If we had wanted to do business with an Ads-R-Us site, we could have gone with onelist or similar in the first place. But being serious list admins, we were willing to pay out real money to have full control over content (no ads!) and to protect our subscribers. All gone for naught.

Worse, even though many of us frantically told esosoft and topica to cancel the transfer before subscriber lists were moved, and were assured that this was done, we found out this afternoon that the 'deleted' lists on topica have been recreated and the subscriber lists as of Dec 17th handed over anyway. (Note that between the time we received notice and the time the lists were copied for transfer, majordomo was disabled and there was nothing we could do about protecting our subscriber lists, even assuming that esosoft wouldn't just rip them out of a backup set.)

As far as I can tell, esosoft is covered legally, because the buyout is called a 'partner arrangement' and esosoft can assign who actually handles the lists we've paid for, even though the services are not even remotely comparable.

Now that it's happened, we've been trying to find other mailing list suppliers, only to find that topica has been approaching and trying to buy many of them out. A few are proud to have refused and are using that as a (very good!) selling point. Some have already sold out just as esosoft did. Some won't say whether they've talked to topica.

We've also found lists on topica that have never had any known association with them, or with any provider who has had association with them. Some of the lists that show up at topica have been run from their start from private virtual servers, but topica lists them in their directory anyway. We don't know yet if they're active in any way but are working on it.

Topica does have a copyright/privacy statement.
But according to an ex-esosoft list owner who's stuck with topica until she can make other arrangements, a topica account rep said in the topica listowners mailing list that the statement published on the web isn't the current policy! It _should_ read:

   "Topica does not claim ownership of the Content you transmit through Topica's Service. By transmitting Content through Topica for distribution to your Topica List, you grant Topica a world-wide, royalty-free, and non-exclusive license to reproduce, modify, adapt and publish the Content solely for the purpose of providing Topica's hosting, archiving, subscription, and promotion services. This license exists only for as long as your List continues to be a archived at Topica and shall be terminated at the time your Topica account is terminated."

Note the bit about 'promotion services'. So they don't claim 'ownership' of everyone's work, just the right to use it however they darned well please. None of us in the former-esosoft-listowners group would ever have knowingly agreed to such a thing.

So, if any of you run mailing lists, make sure that your contract says that none of the list information will be transferred to any other party under any circumstances, _including_ partner arrangements. Better yet, invest in a virtual server and run the list server from scratch, with clear and strong warnings to any potential hijackers.

Side note: topica.com is the most annoying site I've ever been forced to try to use. You can't get anywhere to speak of without images .and. cookies .and. javascript all turned on. Ads with associated cookies from a wide variety of servers pop up every few seconds. Horrible bugs, too: people who subscribe to one list find themselves subscribed to multiple lists, and the same for unsubscribe. Truly a nightmare. The most disturbing thing of all is that some people don't mind it!

If any readers are ex-esosoft list owners in search of the support group, let me know and I'll point you in the right direction.

--
Allyn Weaks    allyn@tardigrade.org
Seattle, WA    Sunset zone 5
Pacific NW Native Wildlife Gardening: http://www.tardigrade.org/natives/

   [ Letting any outside entity have access to one's complete mailing lists is an extremely risky business. The safest route (and the one I've always followed) is to maintain 100% control over the maintenance of my lists and related distributions. Unfortunately, this option is not practical for many persons, resulting in the sorts of surprises described above.

        -- PRIVACY Forum Moderator ]

------------------------------

Date: Sun, 19 Dec 1999 17:40:48 -0900
From: Ethan Benson <erbenson@alaska.net>
Subject: Re: defective crypto in Netscape mail password saver [V08 #20]

On 19/12/99 Gary McGraw <gem@rstcorp.com> wrote:

> defective crypto in Netscape mail password saver...

Hello,

I would like to comment on this issue. While the problems you raised regarding the ability to snag the preferences data remotely via Javascript exploits are indeed a serious problem, the issue of Netscape using weak encryption to protect the saved mail passwords is not. In fact I believe it would be better to simply save them in plain text.

Why? Because it is absolutely impossible to save mail passwords securely for use in the manner, and saving them in plaintext offers no false sense of security.

The reason people save the mail password as you say is to avoid the need to type it (and thus remember it) every time they wish to check their mail. In order for any encryption algorithm to grant any security a secret is needed. This is in the form of the secret key used to encrypt the data (in the symmetric sense); this key MUST be protected. Otherwise all the security the algorithm provides is moot.
Since the user is obviously unwilling to provide the secret to the mail client (otherwise they would just enter the POP3/IMAP password every time) the mail program must use the SAME HARD CODED KEY to encrypt the user's mail password with.

This approach is fundamentally flawed. Netscape could use 128 bit CAST5, Blowfish, Twofish, 3DES, whatever and it would be no more secure than just saving the password in plain text. This is so since all it would take to `crack' the encryption is to run Netscape through a debugger (or any other form of reverse engineering) until the hard coded secret is discovered, then one can simply decrypt any saved password with the same ease as it can be done now with a XORed or plaintext password.

The security of the saved password must be kept by the Operating System NOT the individual mail/ftp/whatever utility. There is NO WAY for this data to be securely encrypted without asking the user to keep and provide the secret needed to encrypt and decrypt the password, therefore the program itself has no means to protect this data.

The Operating System has two primary means it can protect this data:

File permissions: the various Free Un*x variants (GNU/Linux, OpenBSD, FreeBSD etc) all provide this and will keep these files much more secure than the completely open MacOS/Windows environments. (This does not protect against remote access bugs such as the Javascript bug, and has limited defense if someone gains physical access, though it at least requires rebooting and/or tampering with the BIOS or a boot floppy in cases where physical security is kept in mind.)

A strongly encrypted OS level database: this would be a database that is encrypted using the user's login password used to authenticate to the OS; this allows the user to only need to remember and type a single password instead of many.
This approach could possibly have exploitable attacks through a hostile program surreptitiously accessing and downloading all saved passwords once the user has unlocked the database. It also creates a single point of failure where one password being compromised leads to all saved passwords being compromised along with it. This however is already a problem since, as you say, many people already use the same password for everything (foolish IMNSHO). Such a program would also suffer problems being restricted by the US's encryption export regulations.

A final aside: any such utility for saving a large number of passwords in a secure manner should never EVER be trusted unless its complete source code is open and available for peer review at a minimum, and preferably is Free Software (www.gnu.org) that may be repaired and enhanced by the people themselves. Any closed source proprietary solution (*) to this problem should be viewed with the utmost scrutiny, and IMO should not be used at all. (I would prefer to just save passwords (of medium to low importance) into a GNUPG or PGP encrypted file in case I forget and simply memorize my passwords, rather than to trust some huge organization more interested in money than my security or privacy.)

(*) such as Apple's `Keychain' and Microsoft's various APIs for saving passwords in .PWL files and such.

If you are interested in a more technical and detailed discussion of this issue I believe it has been discussed significantly on the BugTraq mailing list, consult its archives. www.securityfocus.com

--
Ethan Benson

------------------------------

End of PRIVACY Forum Digest 08.22
************************
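
An added example, not part of the digest or of any code from Netscape, illustrating the argument in Ethan Benson's message: a saved password scrambled with a key built into the program can be undone by anyone who has the program, while one sealed under a key derived from a secret the user supplies cannot, and owner-only file permissions are the separate OS-level control. The key value, the function names and the HMAC-based keystream (which stands in for a vetted cipher, since Python's standard library has none) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Constructed stand-in for a key compiled into a mail client (hypothetical value).
HARDCODED_KEY = b"\x56\xc9\xef\x4a"

def obfuscate(data: bytes, key: bytes = HARDCODED_KEY) -> bytes:
    """XOR with the built-in key. Applying it twice returns the input, so
    anyone holding the program can undo it without knowing any user secret."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def _derive(passphrase: bytes, salt: bytes):
    """Stretch the user's passphrase into separate encryption and MAC keys."""
    k = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000, dklen=64)
    return k[:32], k[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a vetted cipher (assumption)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(secret: bytes, passphrase: bytes) -> bytes:
    """Encrypt-then-MAC under a key only the user can supply."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(blob: bytes, passphrase: bytes) -> bytes:
    """Verify the tag first; a wrong passphrase or altered blob raises ValueError."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def write_private(path: str, data: bytes) -> int:
    """Create the file readable by its owner only (the post's file-permission
    option, POSIX systems) and return the resulting mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fd, 0o600)  # tighten the mode if the file already existed
        fh.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    pw = b"constructed-mail-password"
    print(obfuscate(obfuscate(pw)) == pw)  # reversible with no user secret
    blob = seal(pw, b"constructed login passphrase")
    print(unseal(blob, b"constructed login passphrase") == pw)
    with tempfile.TemporaryDirectory() as d:
        print(oct(write_private(os.path.join(d, "saved_pw"), blob)))
```

The sealed form has the trade-off the message itself names: the user must type the passphrase, and once it is unlocked any program running as that user can read the result.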
Copyright © 2005 Vortex Technology. All Rights Reserved.