The Privacy Richter Scale 75
Hugh Pickens writes "Jay Cline writes that not all privacy issues are created equal and proposes a privacy Richter scale to rank the bad things that could happen to our privacy. A privacy Richter 1 or 2 event is a temporary bad turn for you or a handful of people, but nothing systemic, posing no lasting harm to individuals or society as a whole. Examples include receiving someone else's mail, having someone expose something embarrassing about you to co-workers or friends, or losing your wallet or purse. Privacy events measuring 4 to 7 on the scale are risks that can cause real and lasting damage to a lot of people and include stolen laptops containing thousands of Social Security numbers and credit-card numbers that would allow identity thieves to make fraudulent transactions that could impact credit scores for years. Finally events topping 8 are points of no return for large numbers of people and society as a whole. DARPA's Total Information Awareness program, proposed in 2002 and defunded by Congress in 2003, would have topped the scale. 'The massive collection of data about U.S. citizens could have created a perpetual bureaucracy that put at risk our right of due process and protection against unlawful search and seizure.' So where does Google's plan to consolidate its 60 privacy policies into a single approach rank? 'The current change ranks at a 3,' writes Cline. 'Larry Page's company will weather this change. I don't see irreparable or lasting harm or loss of liberty. If you don't like Google, use Bing. Don't watch weird things on YouTube. You shouldn't be sending confidential things through Gmail in the first place.'"
Re:If you like privacy... (Score:5, Funny)
Don't leave your house
Then they still know where you live... :p
Re: (Score:3)
Re: (Score:1)
Re:If you like privacy... (Score:5, Insightful)
Knowing everything about everyone is certainly the direction we are taking the medium term ; but the society is not ready to cope with that, yet.
Re:If you like privacy... (Score:4, Insightful)
Re:If you like privacy... (Score:5, Insightful)
It's also a way political correctness may be enforced in future. Never say anything offensive or contriversial to or about anyone anywhere under your real name or anything that can be linked to your real name... ten years down the line a potential employer might find it while googling you, judge you a potential liability or source of workplace discord and throw your application in the bin.
Hmm gets worse than that.... in 10 years time whats "politically correct" may have shifted and all those 'Gingers have no soul' posts may come back to roost.
Re: (Score:2)
Hmm gets worse than that.... in 10 years time whats "politically correct" may have shifted and all those 'Gingers have no soul'
posts may come back to roost.
Well, if that ever comes up you can take comfort in the truth being the ultimate defense.
Re: (Score:1)
I've always said that it should be a matter of solidarity that everyone should say and do at least one thing outrageous to society, i.e. say something which people consider abhorrent and break some minor law. Then no amount of recording of words or deeds (e.g. criminal records) puts anyone at a disadvantage.
For example - and this one requires coordination - in the UK it's illegal to draw a picture of a minor doing something sexual. In response to this item [slashdot.org], an appropriate exercise in civil disobedience woul
Duke LaCrosse players (Score:4, Insightful)
Remember a few years ago when those Duke LaCrosse players were being prosected for rape?
On 60 Minutes, that Lelie Stahl said something to the effect of , 'why are you parents fighting so hard? Make a deal.'
The parents responded, 'because in this day and age of Google and the internet, their names will be forever tied to this People will dearch their names and this will come up. They will never get a job or they will be tarnished for the rest of their lives - unless we get every single charge dismissed.'
Stahl, 'Oooh, I didn't think of that.'
And as for potetic justice, the prodecutor, Nifong, has been dibarred [cnn.com]
I just wish every prosecutor who tried to "make an example" to boost his political career would be disbarred.
Re: (Score:2)
this one thing you did 10 years ago you forgot and hope everyone else forgot will remain as the main thing you did in your life.
that's only if that's the ONLY thing you ever did. the obvious thing is to just do something that pales in comparison. and then something else.
Re: (Score:2)
Actually you need a tin foil hat big enough for your house, otherwise google earth will find you. Oh wait.. too late.
Re: (Score:2)
this is what pisses me off (Score:5, Interesting)
"You shouldn't be sending confidential things through Gmail in the first place.'"
I'm not saying this is bad advice. But the fact that it is not bad advice, REALLY PISSES ME OFF. Not because I even use gmail- as I was hosting a squirrelmail server for my older brother and family before gmail existed, and don't store any quantity of my email on a corporate server for any length of time. But because gmail is what _everyone else_ is using for their email (to the extent that the younguns who won't get off my gedanken lawn use email at all, vs facebook). But enough about my lawn... my point is, that as a 36 year old computer engineer, who literally came of age in college during the deployment of the internet to the masses, then a decade later saw the T.I.A. etc... It's just so, so, sad. Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days. These days, I honestly suspect that even when my cell phone appears to be off, that the government and other organized criminals, can and do listen into to my home. I.e. "the walls literally do have ears". But even setting asside that paranoia, and returning to the mundane level of paranoia/common-sense in the quote I'm taking issue with (don't use gmail for confidential communication), I just can't express how sad and disappointed with society I am, even with that level of paranoia now being accepted as common sense. I mean- people need to have an expectation of privacy. They need to feel like they can talk about confidential, personal, private things with their friends and family a hundred or a thousand miles away. And it really just isn't feasible. You still have to practically be one of the 1% tech illuminati to use encryption and actually feel like that even matters. Honestly, I'm the computer engineer, that perhaps a clinically paranoid schizophrenic, has just given up. I figure just using browsers and visiting sites requiring closed source browser plugins (read: the internet), probably makes my entire system insecure to the point that using encryption is pointless, even if the gubernment can't already crack that at will (or will be able to crack the recorded logs a few years down the line when either quantum computing works better, or they just find an obscure flaw or weakness combined with more brute force and the current systems). I dunno man... It's just sad. I had this vision of the internet actually allowing long distance communication of confidential things. Like minority political and philisophical discussion. But no, the world turned out to the point where people just deal with the fact that even though the tech is there, because of attitudes and government surveillance, we just shouldn't try to have confidential exchanges of communication except in person. Sigh... I hate america. And it may be the best of the lot. sad, so sad.
Re: (Score:2)
This is a good post. mod it up.
i do think much of the problem could be solved w/ a little more applied crytpography. see effs https everywhere campaign. if we encyrpt 95% of the traffic going across the wire, sniffing the remain becomes close to pointless.
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Sorry but until HTTPS is done correctly it will do exactly squat in actual privacy. What you say about sniffing is true, but it just redirects the problem it doesn't solve it.
The fact that my bank gets all of the security certificates from a third party makes the actual security of the system non-existent (as demonstrated by countless authorities getting screwed).
When people start doing it right, and issuing self-signed certificates with credentials we'll be getting somewhere. Once my bank gives me a certif
Re: (Score:1)
The idea being the certificate being transmitted through a really trusted channel. Like getting it on a CD or thumb drive or as a QR code or whatever from the person you open the bank account with in the actual bank office.
That would make it more secure than a purely online transaction where a hackable certificate authority is telling you that the hackable banking website is authentic.
They would have to physically "hack" a fake branch of the bank into existence in your town. Which is harder. (Although not c
Re: (Score:2)
Although true, I was intending (for banking purposes anyways) that they would physically provide you with the certificate, it isn't actually required.
Say for an account on WoW or the like, right now I'm trusting that the site is the right site based on VeriSign or something, which poses a problem because I don't have a trust relationship with them.
If on the other hand, WoW issues me a certificate at the same time as my credentials, I know who it's from. Yes it could be from a spoofer, but in that event they
Re: (Score:2)
Although the other person who replied to you is in fact correct, it would be handed out much like PINs are now (either set in branch or sent via registered mail) I have to ask:
If you've got my credentials, why would you care about the certificate?
You're being stupid.
Re: (Score:2)
Tell me, what is the big bad, evil Googles going to do for me for sending email through their server?
Provide that information (whether by court order, simple sale, or some other mechanism) to someone who can do other things besides "target you with ads".
Re: (Score:3)
"The privacy advocates have to tone it down to things people actually care about before they will get anywhere."
This.
1) The internet is about copying. If you put your data out there, it's going to be copied all over.
2) If you don't want to pay for your page views through ads, then start giving out your CC #. It needs to get paid for some how.
3) Data collected by Google/etc isn't just for ads, that data also helps improve their searches.
Many privacy advocates are just as bad as politicians. They don't know w
Re: (Score:2)
It appears that if you are a private person, you look like you got something to hide. I'm afraid that wanting privacy will be a black mark...
You don't need to be so afraid of what others think. There will be attempts by others to check you out. It's using technology to try and determine if you are in some way a threat.
If their check doesn't turn up anything, then "great". They will be just as overworked, rushed, and stupid as everyone else. The threat in this senario is more overarching laziness than anything else. No one is really interested in you. They are really interested in covering their asses if in fact you turn out to be a criminal (o
Re: (Score:2)
Or you could encrypt your email with e.g. gnupg or one of its frontends, and send it through any server knowing that nobody below the big-country/big-mafia level could read it, and those who can are going to spend money doing so, and thus should only do it if they really need it.
Re: (Score:3)
A little paranoid? Perhaps.
But the way things are now, if you're not a bit paranoid, something is wrong - with you and with the way things are. The very fact that this discussion exists shows that the way things are now is wrong. The fact that many don't understand this is even more wrong.
As for gmail, I thought about it over a couple of weeks and decided I was OK with a software robot using text in the body to serve me text ads - it's immaterial, and (supposedly - fool I, maybe, for taking their word on
Re: (Score:3)
Not being funny, but you can HAVE that level of privacy. Throw your smartphone (which didn't exist when you were a child) away. Disconnect your computer from the Internet (because my ZX Spectrum never had an Internet connection). Write letters (so that you hand them off to some several thousand minimum-wage workers who really have no personal incentive to ensure your letter reaches its destination at all, let alone unread). Use only your landline (which has ALWAYS been as simple to tap as putting a devi
Re: (Score:1)
Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days.
Back in the day, long distance communication was mostly done through government-regulated monopolies: UPSP, Ma Bell... The idea of the government reading your mail, or listening in on your conversations is pretty abhorrent.
Along come ISPs. They aren't really government-regulated monopolies - in fact companies like ATT carefully segregate their government-oversight subsidiaries from their ISP subsidiary. Now it's not The Government reading your mail, it's just some company with whom you've contracted. Yo
idea fail (Score:5, Insightful)
Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event. Who could have ever thought up something so clever? Maybe next he'll invent a "jump to conclusions mat"! After that maybe he'll propose "dollars" as a new term meaning "lines of code" so that when he's introducing himself to unsuspecting women on the bus he can talk about how much "money" he has made.
FAIL
It leaves me cold... (Score:2)
Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event.
Not to worry, they'll probably combine it with other bastardized metrics and consign the lot to oblivion. How about a Beaufort scale for phishing and 419 scams, or a Fujita scale for antisocial behaviors (on the internet, of course).
Perhaps what's really needed is a Kelvin scale for relevance. The suggested "Privacy Richter" scale is pretty cold.
Re: (Score:2)
"Hijacking a well known metric"
This is America - we don't use metrics.
Anyway I heard that the scale they use for earthquakes is no longer the Richter scale, (but something similar in magnitude for all but the largest quakes. And how many people are familiar with the magnitude of earthquakes anyway. (unless you live in CA (or some other place that does have tremors - I was born and raised in NZ and have felt magnitude 5 and 6 quakes.
Plate tectonics are like cars ... (Score:3, Insightful)
... they make for bad analogies.
Well, more seriously, I think there really is a problem with a widely accepted premise that the fragility of the systems that our privacy depends on is deity-given, and that thus we have to somehow cope with "privacy incidents", much like we have to deal with earth quakes instead of getting rid of plate tectonics.
The problem is not so much that from time to time some database containing SSNs is publicly compromised, but that there are SSNs (with all those different functions they serve) in the first place. The object of interest should be the complete lack of any effective protection, which essentially means that large bodies of data are easily available at any time to anyone willing to commit some crimes, while those supposed "incidents" are just the few occasions where it has been publicised, often because some (more-or-less) white-hat did some demonstration.
Comment removed (Score:5, Insightful)
encrypted gmail (Score:2)
So if Google implements encrypted mail, would that be a -3 event?
Re: (Score:3)
If you use https to write from the gmail web interface to another gmail account (read via https and the web interface) the email is already encrypted, and you can be sure that nobody except for google (and some governments) can read it. Even if google started to encrypt email sent to other providers you couldn't trust them not to read your email before encryption (and forward it to said governments, of course).
Re: (Score:2)
If no-one man-in-the-middles the recipient's connection, or something similar, and if no-one at google get their hands on this.
Re: (Score:2)
The only encryption that occurs is the actual connection between you and Google. The e-mail may or may not be encrypted when it's sitting on their servers.
Not to mention the fact that there's zero guarantee of the e-mail being encrypted when it's passing between mail servers.
Not really realistic (Score:2)
Risk importance is relative - not absolute (Score:5, Insightful)
Different privacy "issues" affect people in different ways. Consequently there is no sensible way to assign a numerical score to a particular event (such as having your bank account number leaked) in absolute terms.
For example, if someone reveals an unwelcome fact about you on FB, the impact of that "outing" will depend of whether it affects your employability, whether you are interested in being employable (never forget: not everyone is a 20-something american. Some people are retired and don't care that pictures of them being arrested could fall into the hands of an HR person), whether a potential partner may see it - or it may even depend on the values and morals of the viewer. There are no absolutes.
Even having your credit card number taken is not necessarily a big deal, depending where you live. A lot of countries take a view that bank fraud is absorbed by the bank, not by an individual who blamelessly had their account targeted.
So, assigning numbers to event without taking into account the context, the situation of the people involved or the place where they live is largely meaningless. And once you do start to account for all these extra circumstances, any numerical evaluation becomes so specific that you can't generalise a level of threat or seriousness to a particular sort of privacy loss.
Maybe interesting... recent law in Bosnia (Score:5, Interesting)
In Bosnia and Herzegowina we have national id cards. We had them also in former Yugoslavia, so - nothing new here. Except these new ones are barcoded so it is easy to register us on border checkpoints and like. Every time I cross border, they put my id card in scanner and register passage... :).
But, we also have long established practice of copying our id card for lots of procedures/applications at banks, telecoms and such. You come to open bank account (like I did just today) and they get your id card and copy both sides... What is interesting, today my friend witnessed this, and he works for another company copying id cards a lot... He was surprised when he saw bank clerk copying id card because at his company they spent friday-sunday destroying all copied id cards because of recent law forbiding this id card data collection. At least somebody came to his senses...
Imagine that, tons of identities in hundreds of binders in tens of companies... Looks like Fukushima to me
WHY ? (Score:2)
From OP : "You shouldn't be sending confidential things through Gmail in the first place"
Why ? Why shouldn't I ? what should I do to send those ? use real mail ? Gmail is an email service, it's not supposed to search through you correspondance, and it shouldn't be allowed to.
I'm sick and tired of assholes trying to defend privacy invading policies with illconceived arguments. Gmail is a service, a service that you PAY FOR through advertising, and there is ABSOLUTELY NO REASON why google shou
Re: (Score:2)
From OP : "You shouldn't be sending confidential things through Gmail in the first place"
Why ? Why shouldn't I ? what should I do to send those ? use real mail ? Gmail is an email service, it's not supposed to search through you correspondance, and it shouldn't be allowed to.
I'm sick and tired of assholes trying to defend privacy invading policies with illconceived arguments. Gmail is a service, a service that you PAY FOR through advertising, and there is ABSOLUTELY NO REASON why google should take the right to search through your mail, the same way there is no reason for USPS to search through your mails...
And I'm not an anti-google troll, I have an Android Phone, and I use Gmail and even G+, and they are good products, but all the more reason for us to protect the quality of these services by preventing Google from abusing its position of power regarding its users and invading their privacy.
Ummm... have you ever noticed the targeted advertising right next to your e-mail, you know, ads for what the e-mail is talking about? And, how are they going to do that without searching your mail? Gmail has always done this, even in the early days, it's part of the bargain, like ads on broadcast TV & radio - they target you by the channel you tune to and when you listen. Your bargain for the "free" Gmail service is that they get to sift through the content of your correspondence to serve up their ad
heh. (Score:2)
Uhmmm.... then let advertisers target Gmail users by the fact they use Gmail. There, done, and now the analogy isn't completely broken either.
Re: (Score:2)
Uhmmm.... then let advertisers target Gmail users by the fact they use Gmail. There, done, and now the analogy isn't completely broken either.
Google ads are, in part, successful due to their targeting features - the group "all Gmail users" is less specific than a radio station. Maybe you would like a subscription based Gmail where you pay for the service instead of the advertisers? I know some real-estate ads get upwards of $1 per click.
Re: (Score:2)
Yeah, and growing a tree takes more time than killing your neighbour and taking his. What's your point?
It's called "email". Most decent webhosts offer it out of the box. So yeah, sure. I mean, I have that anyway, but it would be nice for the general public to not be so cheap. I mean, having a phone (and making calls) costs like a hundred t
Re: (Score:2)
I use Gmail as my primary personal e-mail service because:
1) I don't care that they or anybody else reads my daily drivel, the "nothing to hide" syndrome, I'm not so bold as to put it out there on a Facebook wall like a lot of people, but if you really want to dive in my dumpster, knock yourself out.
2) they provide a more convenient and useful e-mail service (better "experience") than any alternative I have tried, paid or free. I used paid Eudora for quite awhile, but that's not even an option anymore.
If I
Re: (Score:2)
I post that stuff on slashdot under my real name, just to be safe :D Safe from giving in to snoops and useless people, that is. Anything that could be "digged up" is embarrassing for the person digging it up, not for me.
Re: (Score:2)
The problem is not Gmail specifically, it's e-mail in general.
While the traffic between your computer and Gmail is encrypted via HTTPS, the messages may or may not be encrypted on their servers (hopefully they are), and they also may or may not be encrypted between Gmail and the mail servers being used by the people you're corresponding with.
I would be more worried about sniffing of packets between e-mail servers than I would be about Google employees reading your e-mail.
Re: (Score:2)
"The chief problem with the plate-tectonics analogy is that privacy isn't a matter of "incidents", but a cultural issue that evolves over a long time."
Sorry to disillusion you, but plate tectonics is also over a very long time - hundreds of millions of years - which is why some of the "Creationists" don't believe in it.
"Generally speaking, an earthquake just happens -- there's an enormous rumble, things fall over, and then it's all over."
In a major eathquake there are often aftershocks - sometimes only1 mag
Privacy Doomsday clock (Score:2)
So mad, then, a great point! (Score:2)
FTA: "So how serious is the Google policy change? By the sound of the running commentary, this is the worst thing for privacy that's happened so far this year."
It's the same privacy policy. Unlike having 60 policies, there is one. It's easy to read.
And since when has anyone had a chance to opt-out of any privacy change, be it at your bank, Facebook, or your job?
Could you opt out of the original 60 policies? No.
Great point is at the end.
FTA: "What's the worst-case scenario here? Google amasses a detailed p
Re: (Score:2)
Correlation between data IS data, dumbo.
We do have a choice! (Score:3)
Must be a Californian (Score:1)