Friday, May 12, 2017

Your SSN, an Alternative, and a Privacy Review

Whew!  Every once in a while we need one of these - maybe not challenging, but one that makes both audience and presenter mental neurons to light up a bit more brightly.

SSN:  We started off with a CGP Grey video on your Social Security Card, the defacto identification card of America.  A card "... containing a national number for citizens that don't want one, on a identification card that fails at identification, given to all citizens - except when it isn't - for a program that's universal, except when it's not."  https://www.youtube.com/watch?v=Erp8IAUouus  (Triva: the SSN number shown in the video has an interesting history.  Homework: go look it up!)

For Consideration:  There is a way for a number to be given to all citizens which could be used for identification without that number ever being directly disclosed.  And, if your (secret) number is not given to anyone, it becomes much harder for others to steal it and pretend to be you.  Read that again -  at first it sounds impossible - how can you use a secret number for identification without ever telling anyone that number?  That is the beauty of "PKI", a Public Key Infrastructure, which uses a mathematically proven method for identity verification.  This something I've talked on before, and will continue to approach from different angles.  Next time: using PKI to eliminate passwords.

Stupid Congressman Quote of the day:  (in response to relaxing restrictions on ISPs) "The Internet is Optional" - Jim Sensenbrenner (R-Wisconsin.)  As one comment said, I challenge him to run for re-election without he or his staff using the Internet.  That includes, no email, no mobile phones, and no computers.  The internet is as optional as indoor plumbing, cars, or electricity.

Net Neutrality:  The current administration is trying to revoke restrictions on Internet Service Providers that ensure equal access to the Internet to all customers and content producers.  John Oliver again stirs the pot with another very funny diatribe.  <link>  The FCC tried to hide the link for comments deep on their website, but they found it; here is a direct link for you to submit comments to the FCC about this issue:  http://gofccyourself.com.  Recommended!

Proactive Privacy, Really!  Steve Gibson of GRC.com has a weekly podcast on the TWiT.tv network called "Security Now."  Among other things, episode 607 dealt with the methods that others use to track you on the Internet and the actions you can take to thwart that tracking.  This ~2 hour podcast is available in video, audio and text versions at GRC, TWiT, and YouTube:

The pertinent section starts at 1:43:40 into the video.  Starting at slide 33, the presentation below supplements the video with the points presented.



In brief, Gibson covers:  The tracking industry and methods of tracking you (IP address, Cookies, HTTP redirection, Browser Plug-ins, Meta Data, DNS, web sites, ISPs) and protection methods (Incognito mode, VPNs, TOR, VMs.)  If you really don't want to be tracked you have to change your IP address, change you browser (and preferably your computer), use a VPN, use incognito mode, never login anywhere, use DNS crypt and turn off cookies.

All this is not cost free.  Aside from an paid VPN (free VPNs are not to be trusted) many web sites will break, and of course, any eCommerce and eMail will be impossible.

No comments:

Post a Comment