In the film Citizenfour , Jake Appelbaum is seen briefly give a security primer for activists. He speaks link: what happens when you provide two pieces of identification at the same time, and how it means they are always linked. The identity should not be an identity card; it could be a metro card or a mobile phone
The danger to privacy does not primarily lies in when you log in using a method -. MAC (unique address of your network card), IP address, credit card, login, IMEI (unique identity of your phone), et cetera. The danger when two of them are interconnected.
This is not the tracks you leave behind. It is the combination of different tracks you leave behind, and the intersections of these tracks.
If ever you're using your laptop on a Wi-Fi network, the network knows when it's back to you, for example, because the wi-fi component on your laptop comes with a unique name. This unique network component name (called a MAC address) can be shared across networks, and only one of them need to know something more about you, for each of them to know about you. Did you ever use a credit card somewhere to get access to a public wi-fi, for example? Enough to every public wi-fi to know you by name -. Not only move forward, but historically as well
This is why it is crucial not to link the accounts together. Do not use your primary email when signing for a anoymization service. Do not use your regular credit card or a credit card with your name at all, or a first credit card when signing with an anonymization service. (There are four, I wrote that you should never trust a VPN service that accepts bitcoin. PIA accept Bitcoin, of course.)
More importantly, the cross has not to be automatic, nor to occur simultaneously.
Let me take a concrete example of the Swedish Pirate community to illustrate this in practice. It was five years ago, there was a new person in the comment field that claimed to be 20 something woman pirate sympathizer, but that was quite aggressive and inflexible to change things radically. Overall, this person acted rather abrasive and demoralizing in the comment field on a number of blogs
We did not know who it was, but we had a feeling that something was not quite right -. That person was not who they claim to be. So a group of us used the only thing we had - the IP address of the comments - and just kicking the WordPress search field on two dozen different blogs, each on their own, much greater scope than that in which he had been demoralize the community.
Bingo. The same IP was used almost a year before on a totally different blog for two random snarky comments. Now, that would not normally be enough to claim was the same person. - If there was not the same style and language that this person was actually a 50-something with the copyright industry
This is what we have do using nothing but a stock WordPress install, no web server logs, nothing.
(How we use this information? One of us asked in an answer to a sarcastic comment, "Ohai again, Y. you use the same computer that a person named X used ago one year. you two know each other? "the so-called 20-something woman was never seen again after that.)
now, it was a concrete example of something that is not built monitoring at all, simply using two different sites in a dozen nonprofit community. Then consider for a moment what the IMSI sensors, and TimeStamp boxes that record the identity of each mobile phone from within a range of 500 meters, are able to do when they are deployed in tens of thousands. (Changing your phone is not enough - if you repeat the same pattern that you have done with your old phone, all unit as the travel schedule or society or similar, you are very likely re-identified .)
Privacy remains your own responsibility.
0 Komentar