Random discussion - Internet privacy, etc. LONG.

[Geirr]

http://www.kumoricon.com/forums/viewtopic.php?p=49103&sid=8aa699ced2bfaa67369dcff0b8ebb50e#49103

Hi there - this topic popped up on an AMV discussion thread and since it (a) may bring out some interesting opinions and discussions, and (b) it has nothing to do with AMV's I decided to move the thread HERE.

Please be assured that -NO- statements here - agreement, disagreement, whatever - will have ANY bearing on how the AMV contest or show runs, whose AMV's get played, or sequence (that stuff was already decided 2 weeks ago by the judges' panel.)

Anyways, here we go: [ABRIDGED RECAPS]

My problem with the Sakuracon page is that UNLESS you give up your PRIVACY, (usr_name & pw) you can't -DO- anything.

Isn't that a bit "Big Brother" paranoia working at you there?
Just thought some other thoughts should come up about such things.

Very good points s_l. Much of a person's opinion comes from past experiences.

When I was travelling in the USSR in 1982 with other Americans, our hotel rooms were bugged. It meant that if you wanted to have a private conversation, you had to meet in the bathroom and whisper over a sink full of loudly running water. That was kinda my first experience with a Surveillance State. Then when I lived in Japan for 2 years, by LAW that I -HAD- to carry either my US passport or the government-issued Alien ID card.

So, during those and other times when I stepped outside the US and looked back in, it made me realize was how important it was that (in contrast) the US is a place where, you can drive to Meridian, Mississippi, pay cash along the way, and NOBODY has any sort of automatic RIGHT to know where you are. Think about that - I think it's really cool. If you're single, that freedom is especially exciting. You can stop anywhere along the way, step out, and walk with nothing but soil, sky and YOU.

When you mail someone a package or something, aren't you giving away your address to whoever sees/touches the package?

You can still send letters under 1lbm with a stamp and no return address. If you never get your fingerprints on the paper and do not lick the stamp yourself (DNA) then it would be just about impossible to track where it came from. And that's not (afaik) illegal. Yet. But it's an important option.

My parents work online in the book business and they get addresses from all sorts of places, if they had malicious intent they could easily store each one of those addresses, look them up on google and find out all that information.

At the same time, many retail stores need that information for their own data. Markerters need to know their customers such as what gender they are, what their income is and just who they are.

This is where marketeers and ad-folks have confused NEEDS with WANTS. They certainly do want all that info - free - but it's not their right to actually get it.

Examples where s_l's points have some validity, IMHO, are when you are depending on, or expecting some kind of promise or trust such as a purchase on credit, or a purchase in which I am expecting warranty protection. Many of us are trusting that con staff will NOT use their address list to rob people's dorms, apartments, and homes while we are all at the con. And to fear otherwise (imho) WOULD be out there in the tin-foil pyramid hat range of paranoia.

But if I go to Barnes & Noble, select a $6.95 book, and put down a $10-spot to pay for it, the marketeers do not NEED to know who I am.  Their not being able to know (in an anonymous cash transaction) is 'normal' to me. So, at that moment I am paying cash, if someone asks for my zip code, the -polite- version of the correct answer is 'No, thank you.'

Even if you are buying a book by "sivaD L yenneT." (reverse the letters and Google the author.)

Similarly, I compare web pages and billboards - the company that puts up the billboard has no way of knowing WHO is looking, WHEN, what demographics, etc. Keeping that disconnect from identifying who is receiving the message is very important to me, and I retain that outlook when I surf the internet.  Not being identifiable to the web-page owner is 'normal' to me - just like I can walk into an auto parts store and I don't have to identify myself. The guys at the counter might try guessing what kind of car I drive based on the parts I pick out (and make even more guesses about my income level, job, sports, active/outdoors vs. mundane, or whatever) - but then again I might be buying something for a friend's car. Too bad - they guessed wrong.

Same goes for browsing anime stuff on an on-line page. If I have to 'register,' they might as well have locked the front door - I'll be shopping elsewhere, or I'll get a proxy person to buy for me.

Broadcast TV & radio cannot identify WHO is listening, so that's 'normal,' and one of the reasons I avoid cable and TiVo. No one has a RIGHT to know what I watch, and I feel better knowing it would be nearly impossible  for someone to compile a profile on what I like, except at significant expense.

What happens if the market profilers get it WRONG?
http://www.bmedia.org/archives/00000223.php
[This article appeared in the Wall Street Journal a few days later, in December 2002.]

Another thing - if marketers can identify you positively, then you may never receive a coupon for something which is already your favorite brand.

Questions: what do you (anybody) think of the idea that your health insurance company might tap into your debit card or club-card records, and raise your rates becuase you bought cigars for your uncle, and they thought it was YOU, and cancel your non-smoker's discount. Or raise your rates because you buy real butter instead of canola oil margarine.

Also, does anybody here trade food club cards around?

If everyone didn't log in, how would we identify anyone. How would we know it's actually you G?

This is kind of like asking whether or not it's really necessary to know who-all is in a chat-room. For me, I'd say most times it isn't. That's the way CB side-band clubs and some ham radio clubs work: everybody who buys a set and tunes in at a certain frequency gets to participate - it works like a chat-room - except:

ADVANTAGES: no logs are kept, it's very difficult to locate someone, you don't need to recite a license number or equipment ID# to communicate. You can still have lots of fun, meet new people, and exchange ideas & opinions.

DISADVANTAGES: you can't ban or kick out a troll, you also don't know who else might be listening silently (so you don't give out phone numbers, addresses, or -duh- credit card numbers on the air.)

In radio chat clubs, the degree of positive personal identification comparable to a usr/pw combo generally recognized as 'not really necessary.' It wasn't impossible though, even in the ancient _._. ._ _ days. That sort of identity was known as a 'fist.'

Comments?

- G

[Kouta]

Your internet service providor also tracks what you do online as well. When your IP is active, how much it is active, etc. Also if you use the same alias in alot of places it becomes easier to be tracked by someone that so wishes to do that (unless you have a very generic name like mine, but you can still track me based on my myspace information).
Also, people have thier own style of writing. If a person consistantly writes long-er messages eventually that could be tracked to you. See the unabomber how it was his brother than identified him based on the writing style.

As for comments. Companies collect data somewhat anonymously about you every time you are on the internet. If its only something like one more person visited that site... to ip x.x.x.x connected to website.com at h:m on mm/dd/yyyy and transfered q amount of data.
... and for the auto deal. I don't believe there is a way to fully keep yourself anonymous when doing an oil change, and still being legal. Like I need to write down my name when I bring my oil to the recycler, and when I am at jiffy lube or equivalant they have my license plate in thier computer and my address. I am sure i could ask that that info not be put in there... so i guess there is that way.
Also, when people become super paranoid about thier identity is when those people become more of a target and constantly watched until they slip up and give out some information.
Personally I think its good to keep your identity as safe as possible, but my name and other info might be attained...

[HaSanGo]

When I was travelling in the USSR in 1982 with other Americans, our hotel rooms were bugged. It meant that if you wanted to have a private conversation, you had to meet in the bathroom and whisper over a sink full of loudly running water. That was kinda my first experience with a Surveillance State.

There are other reasons for the circumstances most likely but you don't have to go into the details, that is actually irrelevant but there are circumstances for instances like you encountered that doesn't happen to everyone. Just so you know running a sink of running water, turning up the radio really loud doesn't effect listening devices. Those noises are easily removed from the audio track. When dealing with a listening device the only sure method (other than turning it off or destroying it) is to write your information down. But if you were being watched then you have to have a means to destroy the paper.

This is where marketeers and ad-folks have confused NEEDS with WANTS. They certainly do want all that info - free - but it's not their right to actually get it.

You would be surprised how much information is public domain information and anyone that wants, needs or knows how to obtain it can. For example your DMV records, criminal record and certain court cases are all public domain. I don't need your social security number to even get that information just your first and last name, maybe your city but in most cases everyone already has that information.

Examples where s_l's points have some validity, IMHO, are when you are depending on, or expecting some kind of promise or trust such as a purchase on credit, or a purchase in which I am expecting warranty protection. Many of us are trusting that con staff will NOT use their address list to rob people's dorms, apartments, and homes while we are all at the con.

Since you pay cash and never return any information then it will also become harder for you to return items if they have an issue within the first 30 days. If you are going to send it into warranty repair to the manufacturer instead of going through the retailer then you will be providing them with a lot more information. The reason it is there is so that I know you are truly the person who purchased the item. Instead of someone who found a receipt for something (or was given it) that has no name, just cash purchase and they found an item at another store for either cheaper or stolen item, then went to the store to return it with the receipt. The store itself doesn't have a way to track if it is stolen but once it gets returned back to the manufacturer that may turn up. Since there is no name on the receipt most retailers won't accept it. On the chance that they do, they'll still require you to put in your information and match it with your driver's license. This isn't a form of "big brother" or marketing scheme it is just in case you are ripping them off, the item is stolen, etc.

Even if you are buying a book by "sivaD L yenneT." (reverse the letters and Google the author.)

I am amazed you did this. It is ok to look up explosives on the internet, even the application of creating and using. This isn't China. To even be paranoid that you can't just type out Tenney Divas just really astounds me. It isn't like suddenly someone is going to trace my ip, get my city information, check that ISP information then break down my door. Although all possible simply through an IP address, they could trace to what ISP, what city that IP was issued and to whom at what time.... you've just given people that information by just visiting the website. Also if someone was actually doing a search, you can define your search to look up words backwards so by reversing it, it does nothing really.

Not being identifiable to the web-page owner is 'normal' to me - just like I can walk into an auto parts store and I don't have to identify myself. The guys at the counter might try guessing what kind of car I drive based on the parts I pick out (and make even more guesses about my income level, job, sports, active/outdoors vs. mundane, or whatever) - but then again I might be buying something for a friend's car. Too bad - they guessed wrong.

Have you worked retail before? I can honestly tell you that the guys behind the counter could care less what car you are driving, they just want you to get your item and get out of the store. There are a couple that play a game to guess the car, which they usually ask at the counter to verify that you are getting the right part. Wether it is your car or not, they could care less.

Broadcast TV & radio cannot identify WHO is listening, so that's 'normal,' and one of the reasons I avoid cable and TiVo. No one has a RIGHT to know what I watch, and I feel better knowing it would be nearly impossible for someone to compile a profile on what I like, except at significant expense.

But do you really know that? I mean honestly what if the manufacturer just tracks the channel setting your tv, that information is then broadbasted via cell phone signal to a database that contains what "broadbast" channels you are watching. Then they just need to cross-reference the channel, to the time the tv was on. Although possible, highly not probable. Why do you feel that someone would want to or need to compile a profile on you?

Questions: what do you (anybody) think of the idea that your health insurance company might tap into your debit card or club-card records, and raise your rates becuase you bought cigars for your uncle, and they thought it was YOU, and cancel your non-smoker's discount. Or raise your rates because you buy real butter instead of canola oil margarine.

That would be an insurance company we wouldn't use. Business practices, espcially now with the internet, is easy to find out. Anything that someone might find questionable can be found so any business that operates with questionable intent is easily found. That goes not only for the bank releasing my records without my persmission, club cards, etc. I'd love for them to even try it because that would mean that I'll soon be receiving plenty of money in a lawsuit from them.

This is kind of like asking whether or not it's really necessary to know who-all is in a chat-room. For me, I'd say most times it isn't. That's the way CB side-band clubs and some ham radio clubs work: everybody who buys a set and tunes in at a certain frequency gets to participate - it works like a chat-room - except:

Comparing the internet to broadcast TV, CB/Ham radios is like comparing apples and oranges. Sure they are both fruit, types and methods of communication but their applications and methods of use are completely different. The "ID" that is in use (which no one said you had to use your real name or an ID you use) is just used as a means to ban, kick, control the user since you are using "their website". As such anything discussed there could be used against the site or in some cases can hold the website accountable. Identifying is just a means to ban/kick since IP address alone is not enough due to proxy servers. For example I have an email used for business only, personal & family and even multiple SPAM accounts. The SPAM accounts are used for signing up at any website, contest and people who I don't know personally. None of the SPAM accounts even have my real information, it is all an assumed alias. Just an ID to associate to me, it means nothing. This isn't China where everyone is 100% watched, when you type something on the internet is recorded in a military database or Korea where you need you KSSID (basically their social security number/ID) which is used for everything to identify the user.

There is being safe and not giving out certain information to protect your privacy, but then there is being so paranoid that you actual go to such extremes just seems rather ridiculous. Just from reading this, without knowing you, it would be hard pressed for someone to not suspect that you would be the next "Unabomber". I don't think you are but I think you underestimate the measures you've gone to protect yourself, really don't protect yourself that much. The basics don't give your password out, don't give social security number, always inquire when people ask for more information what it is for, etc. Some things like message board forums when they are using software that encodes and protect users. For example with the ecoding that phpBB uses someone isn't going to be able to get your password, if that was cracked then everyone would know of this in a matter of days. There are other security flaws with phpBB if updates aren't kept up but they wouldn't revolve around passwords. Not to mention no one said you had to use your real name or even enter anything like location, sex, etc all of which are usually optional.

[Irate Beldam]

*Looks at all the text.*

I wish I was smart enough to say something intelligent. ;_;

[Geirr]

When dealing with a listening device the only sure method (other than turning it off or destroying it) is to write your information down. But if you were being watched then you have to have a means to destroy the paper.

We did some of that too - including times when we wrote null messages (such as lists of numbers, random surnames, or city names - then cross out some of the list, or put a checkmark next to one or a few items,) roll it up into a ball, and toss it in a trashcan after a meeting at a cafe - about a block away. Often enough, there'd be some goon about 1/2 hour later, pawing through the thrash to get that crumpled-up note. What that did was a no-cost act (on our part) to consume somewhat more expensive surveillance resources so that it was wasted. ("Lead away a goat in passing.")

That also applies with your Unabomber bit too. This could be a key component to non-violent, non-criminal dissent against excessive surveillance: make sure that some resources are wasted monitoring non-criminals for nothing. Martin Luther King got people of his day to overwhelm the apartheid system here in the US in the 60's. So many 'normal, regular' people joined in non-violent protest acts - like sitting in seats you weren't 'supposed' to use, or drinking from the water fountain with the 'wrong' sign on it - that the resources available to enforce those racist laws became overwhelmed. The Jim Crow laws were destroyed.

BTW, Did you see the old movie 'THX-1138'?

You would be surprised how much information is public domain

Agreed - this is even more so when you hold public office, or if you in a profession requiring some sort of state licensure. Most State Boards of Whatever - have a handy-dandy website where John Q Public or  even somebody.ru - can punch in your license/certificate number to verify whether or not you are paid-up, or professionally current. Although this is supposedly to protect the public - you can make sure that your physician really does hold a medical degree and did indeed pass a state exam - the problem is that many of these state license-checkup sites serve up the licensee's HOME ADDRESS.

Examples where s_l's points have some validity, IMHO, are when you are depending on, [...] a purchase in which I am expecting warranty protection.

...If you are going to send it into warranty repair to the manufacturer instead of going through the retailer then you will be providing them with a lot more information. The reason it is there is so that I know you are truly the person who purchased the item. [...] This isn't a form of "big brother" or marketing scheme it is just in case you are ripping them off, the item is stolen, etc.

Agreed again - If I am buying something in which the warranty is a notable portion of the value: Hmm, car 'A' with 3yr/50K bumper to bumper guarantee, versus car 'B' with 7yr/100K protection, engine/drive-train only? In this sort of deal there is a mutual consensual exchange of personal info - I need to know what percentage of each model turn up customer complaints, where can I go to get warranty repairs, etc. The manufacturere doesn't want to get scammed into fixing all the cars in town with or without those extra protection packages.

But since I don't often return a fruit, or a case of beer, or a doo-hickamabob** I bought at Radio Shack - then if I pay CASH at those sorts of places, I get a little miffed when someone asks me for my ZIP code. I also recognise that the asker is most often 'just following orders,' so I simply decline politely.

**technical terms, I know...

Have you worked retail before? I can honestly tell you that the guys behind the counter could care less what car you are driving,

Those folks aren't the problem. What -is- a problem is that when buy an overhead-fnorble-deconverter** for $8.79, if I use my debit card then I end up in a database, and start receiving auto-parts junk mail at my home mailbox. I've reduced my junk mail significantly by paying cash (i.e, not handing out my address) at large chain stores which I visit only infrequently.

Have you ever seen how many YEARS the J.C. Whitney catalog will come to you after even the least significant purchase?

No one has a RIGHT to know what I watch...

But do you really know that? I mean honestly what if the manufacturer just tracks the channel setting your tv..

THAT to me - believing that RCA, Sony and Zenith know what's being broadcast and to whom, and where their TV sets are - would be rather paranoid to me....

Why do you feel that someone would want to or need to compile a profile on you?

...however, it's a lot easier (and more probable) that cable companies compile ratings data in the aggregate, rather than individualized indentification of what every LOYAL CITIZEN is watching. (There's the paranoid line again.) It's like the Neilsen ratings households - there is money to be made in telling big-bux studios who is watching what - especially if large swaths of fans can be identified, and especially if reliable predictions can be made that <syrupy ad-man voice> "If you liked -that- we're SURE your gonna like -this- </syrupy ad-man voice.> They are focusing on patterns and predictions in order to make the next batch of profitable shows - not trying to brainwash YOU specifically into certain specific future actions. (Paranoid insanity: "Yes, your honor, I -had- to shoot all the dogs and horses in my neigborhood 'cuz the guy in the little chuck wagon told me to as he rode across the kitchen floor...")

But that's not why I don't watch cable - I have other, stronger reasons why I decline the services currently offered: (a) I don't like any of the package deals I've seen, and probably more important (b) I just haven't seen much on TV since 1998 (when I quit watching) that I personally find interesting or entertaining according to my own tastes. I've been getting my entertainment elsewhere these years - mostly anime and reading. But that's not about privacy, it's more of "de gustibus non disputandem est." Which is a good place to let go on a forum board, but a great topic among any group of fans at a con: "What are you interested in, what pleases you, and why?"

I also find it a bit healthy that I haven't seen many TV commercials in - jeez - seems like decades. The Chuck Wagon mentioned above was firmly from the 1970's, although a quick internet search reveals that there was a reference to it in one of the early episodes of Family Guy.

Questions: what do you (anybody) think of the idea that your health insurance company might tap into your debit card or club-card records, ...

I'd love for them to even try it because that would mean that I'll soon be receiving plenty of money in a lawsuit from them.

Interesting Lawsuits:
http://directmag.com/news/marketing_musicland_sued_credit/
http://www.globalaffairs.org/forum/showthread.php?t=12342

no one said you had to use your real name or even enter anything like location, sex, etc all of which are usually optional.

That too opens an interesting question: for years I've been reading about the percentage of resumes out there which supposedly have innacurate or overstated information on them. Employers are now looking at forum boards and social networking sites to learn more about prospective employees, interview candidates, etc. I've read stories in the Wall St. Journal and also discussions on Slashdot over the past months about that - You get photographed at a con, and now you're trolling for a $128K management position, and the Beeg Cheeezes find you on myspace or eHarmony, and see (heaven forfend!) that you have a tat in an area that's not visible when wearing professional clothing. Or they see you cosplay, or you fight and dance in the SCA. Or you're in garb havin' a blast at a pirate festival. Or they see you with your arm around someone and suddenly they're making character judgements about you that have -nothing- to do with whether you'd be good at the job under consideration ...

"ZoMG - My boss just spotted my photo in NewType!"
(OK, that would mean at least he or she is also a fan, right?)

Comments?

[HaSanGo]

This could be a key component to non-violent, non-criminal dissent against excessive surveillance: make sure that some resources are wasted monitoring non-criminals for nothing. Martin Luther King got people of his day to overwhelm the apartheid system here in the US in the 60's. So many 'normal, regular' people joined in non-violent protest acts - like sitting in seats you weren't 'supposed' to use, or drinking from the water fountain with the 'wrong' sign on it - that the resources available to enforce those racist laws became overwhelmed. The Jim Crow laws were destroyed.

Except we are in a much different time than then. Most resources aren't used to monitor non-criminals, to that extent, unless there is actual reason to do so.

Agreed - this is even more so when you hold public office, or if you in a profession requiring some sort of state licensure. Most State Boards of Whatever - have a handy-dandy website where John Q Public or  even somebody.ru - can punch in your license/certificate number to verify whether or not you are paid-up, or professionally current. Although this is supposedly to protect the public - you can make sure that your physician really does hold a medical degree and did indeed pass a state exam - the problem is that many of these state license-checkup sites serve up the licensee's HOME ADDRESS.

Your home address is public domain though. Your whole record in the DMV from accidents to driving record to address, your criminal record, any court cases involved in civil court, etc are public domain. That includes your name, address and any information passed to those departments. Some felonies and other records are about the only thing that are closed, open to only certain parties but the other court information is public domain.

Those folks aren't the problem. What -is- a problem is that when buy an overhead-fnorble-deconverter** for $8.79, if I use my debit card then I end up in a database, and start receiving auto-parts junk mail at my home mailbox. I've reduced my junk mail significantly by paying cash (i.e, not handing out my address) at large chain stores which I visit only infrequently.

That is incorrect though. You don't receive junk mail because you used your debit card. The company itself has no information linked to the debit card other than the number. They can't take that number to get my address. Now if you gave them your address (which you don't to use a debit card) then there is a possibility you could get junk mail, depending on the company. Most companies these days will ask if you would like to receive information on sales, etc and saying no to that is enough to make sure they don't sell your information. However just simply using the debit card by itself does not put you in any database.

That too opens an interesting question: for years I've been reading about the percentage of resumes out there which supposedly have innacurate or overstated information on them. Employers are now looking at forum boards and social networking sites to learn more about prospective employees, interview candidates, etc. I've read stories in the Wall St. Journal and also discussions on Slashdot over the past months about that - You get photographed at a con, and now you're trolling for a $128K management position, and the Beeg Cheeezes find you on myspace or eHarmony, and see (heaven forfend!) that you have a tat in an area that's not visible when wearing professional clothing. Or they see you cosplay, or you fight and dance in the SCA. Or you're in garb havin' a blast at a pirate festival. Or they see you with your arm around someone and suddenly they're making character judgements about you that have -nothing- to do with whether you'd be good at the job under consideration

Fine with me, still wouldn't effect or bother me. Any job using that as justification to not hiring me, which it would be hard to prove, would find themselves in court easily enough. Unless it was a high profile public image job, in which certain images need to be maintianed. Any company feeling that I wouldn't fit in is probably a good thing, I'd never want to be a stifled environment where they would A) go to such lengths to check on my moral character B) aren't supportive of their employee's having their own interests. That isn't saying I haven't seen it, in a lot of higher society people espcially but those are more specialty jobs and they are able to maintain those corporate images. If that is what they want, then that isn't the job I would want anyways. Them finding a picture of me doesn't change who I am. Nor does it make me feel like my privacy has been violated espcially since I was in a public event, in the photo limelight and openly allowing pictures of me to be taken.