I’ve already mentioned that I’ve been thinking a lot about anonymity lately and today I was reading about a Tor hack on securityfocus.com. Doesn’t this totally defeat the purpose of Tor?! Why is it so difficult to be maintain anonymity? And why is it so easily taken away?
I was at a talk recently about the online black market. The speaker showed us some realtime irc “ads”. Criminals claim they have X number of credit cards, bank account logins, etc for sale or trade. They post a few so buyers can see they’re serious. There was lots of personal information flashing across the screen during the demo. I saw a guy with an Irvine address and thought, poor fella, I should call him. And tell him what? Oh, I was at a talk and those damn hackers had your name and address and bank info and everything.…What? No, I’m not one of them. I just thought you should know.
In my early 20’s, I dated a guy that used to do this kind of crap. And he didn’t even think twice about it. No moral qualms. Spent a lot of money that wasn’t his to buy a lot of things he then traded for more illegally gained things. It bothers me when people think that it’s ok to steal from big corporations because the little guy doesn’t feel it. Well, he does — he has to at the very least deal with his credit card company or bank and waste a countless amount of time sorting out the fraud. And eventually, stealing from corporations trickles down to all of us one way or another.
Have you read about all the personal data theft that’s gone on recently? Look at the TJX data loss results. And personal data loss isn’t uncommon. A couple of years ago, I got a letter from Time Warner saying they’d lost data disks with old employees’ personal data on them. Did I want a free credit check to make up for it?
There was a recent thread on one of the mailing lists I’m on about an atm scam to steal atm card info and pins, and how easy this is to do. The security speaker I mentioned above said he doesn’t even bank online — not because online banking was inherently insecure (because online banking is not inherently insecure), but because he wanted to keep his risk exposure low. I can’t imagine giving up online banking. Convenience trumps privacy and security too often. And I’m aware, but I’m just as bad as you about this. I don’t give out information if I can get away with it, but if it’s between giving up my ss# versus driving 30 miles to go somewhere in person, I might give up the soc depending on my mood that day. If it’s giving up my soc versus paying a deposit — I’ll always pay the deposit. Give up my last name on a first date to someone who doesn’t already know it? Forget it. We’ve already talked about where googling me leads to — my utter mortification.
I had to take Mr. Number Two to be cremated recently (he died on Feb. 22nd, 2007). They wanted my birth date and I didn’t want to give it to them. What the hell do you need my birth date for? They said if they prescribe any medication for my pets. Since my rat was dead and not likely to need meds, they let me leave it blank. But I knew I’d take Number 1, the 3rd in and was wondering if they’d ask for it when I got medication for him. They didn’t. Which made me wonder why they wanted it in the first place.