ITsecurity

Falling into the PIT

Posted on July 26, 2015.

Technology is a wonderful thing, but it is not private. Some recent great posts on itsecurity.co.uk regarding Ad Blocking and online tracking, combined with a hot new topic in the States called V2V, made me ponder technology from the privacy aspect. If we think there is any privacy left with technology, we are really just hoodwinking ourselves. Let me start with V2V and then circle back to this online tracking and privacy.

The U.S. Department of Transportation will begin developing regulations for vehicle-to-vehicle (V2V) communication technology. In essence, your car will be “mandated” to talk to other cars. If the other car is a Lamborghini, I actually have no problem with my car letting out a loud digital wolf-whistle. However, I would like that to be my choice. Here is where the rub comes: Secretary Anthony Foxx stated, “Vehicle-to-vehicle technology represents the next generation of auto safety improvements, building on the life-saving achievements we have already seen with safety belts and air bags”. On this, he is of course correct – think about foggy conditions and collapsed bridges as quick examples. Being able to warn the driver in real time, smart. Thinking that it will stop with such use cases… dumb.

The early claim of V2V and privacy is that V2V technology does not involve exchanging or recording personal information or tracking vehicle movements. NHTSA states the information sent between vehicles will not identify those vehicles. It will merely contain basic safety data. Right… being able to localize a vehicle to an owner will never happen, at least not until power is applied to the onboard module. Some states are already experimenting with taxing by miles driven and insurance companies offer discounts for good driving if you elect to be monitored.

The problem with technology is that all of these things start out making common sense: why wouldn’t we want to prevent accidents? Yet the other side of technology is that it always comes with unintended consequences. We always fall into the PIT – what I like to call Privacy Invasive Technology (PIT).

Let us jump back to that Ad Blocking / Tracking deal. I do use AdBlock Plus, Ghostery and Lightbeam. Yet blocking ads and tracking cookies are really just baby steps in the privacy battle.

Not long after browser vendors started offering Private mode (which in essence does not save cookies or other traces) came the “Super Cookie”. Even the term Super Cookie has numerous definitions because there are many variants. Some work in collectives where the issuer (domain) works in the background with a collective, such that different cookies issued by different domains all link back together in the cloud. However, even Super Cookies are passé.

It does not make much press, but “Browser Fingerprinting” is all the rage these days. Your computer and smartphone give away all kinds of subtle information when you visit something online: your browser user agent, your IP, your device ID, screen size, time zone, browser plug-ins, installed system fonts, etc. This information can be used for good, like an additional factor in multi-factor authentication for bank access. Conversely, like all things in the PIT, it can be used for bad. In 2010, Peter Eckersley of the Electronic Frontier Foundation set up a test. Some 470,000 users participated in his public Panopticlick project. Eighty-four percent of their browsers produced unique fingerprints (ninety-four percent if you count those that supported Flash or Java).
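To make those uniqueness figures concrete, here is an added example (not from the original post and not Panopticlick's code) that hashes a set of browser attributes into one fingerprint and measures how identifying each attribute is. The attribute names and every sample value are constructed assumptions.

```python
import hashlib
import json
import math
from collections import Counter

# Constructed sample of what a site might observe per visitor (not real data).
FIELDS = ("user_agent", "screen", "timezone", "fonts")
ROWS = [
    ("Firefox/39 Win", "1920x1080", "UTC-5", "Arial,Verdana"),
    ("Firefox/39 Win", "1920x1080", "UTC-5", "Arial,Verdana"),
    ("Firefox/39 Win", "1920x1080", "UTC+0", "Arial,Verdana"),
    ("Firefox/39 Win", "1366x768",  "UTC-5", "Arial,Verdana,Garamond"),
    ("Chrome/44 Mac",  "1920x1080", "UTC-5", "Arial,Verdana"),
    ("Chrome/44 Mac",  "1920x1080", "UTC+1", "Arial,Verdana,Futura"),
    ("Chrome/44 Mac",  "1920x1080", "UTC+0", "Arial,Verdana"),
    ("Chrome/44 Mac",  "1366x768",  "UTC+1", "Arial,Verdana"),
]
VISITORS = [dict(zip(FIELDS, row)) for row in ROWS]

def fingerprint(attrs):
    """Hash the attributes in a canonical order, so the same browser
    configuration always yields the same identifier without any cookie."""
    canonical = json.dumps(attrs, sort_keys=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]

def entropy_bits(values):
    """Shannon entropy in bits: how much the observed value narrows down
    which visitor is behind the request."""
    counts = Counter(values)
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def unique_fraction(visitors, keys=FIELDS):
    """Share of visitors whose fingerprint over `keys` nobody else shares."""
    prints = [fingerprint({k: v[k] for k in keys}) for v in visitors]
    counts = Counter(prints)
    return sum(1 for p in prints if counts[p] == 1) / len(prints)

if __name__ == "__main__":
    for field in FIELDS:
        bits = entropy_bits([v[field] for v in VISITORS])
        alone = unique_fraction(VISITORS, [field])
        print(f"{field:<11} {bits:.2f} bits, unique on its own: {alone:.0%}")
    print(f"all fields combined, unique: {unique_fraction(VISITORS):.0%}")
```

No single attribute in the sample singles out more than a quarter of visitors, yet the combination isolates three quarters of them, which is the effect behind the Panopticlick numbers.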

So here we are in the PIT. We are all uniquely identifiable online if anyone elects to do it, unless we go through a ton of reconfigurations each time we use our computer or smartphone. The Internet foundations were never made to be secure or private. V2V may start out with the best of intentions, but companies and governments will exploit it to invade privacy. V2V will also be hacked, for at least the fun of it at first. You can read more about browser fingerprinting here.


Submitted in: Expert Views, Martin Zinaich