Facebook is becoming an information disclosure nightmare. People are too stupid to be handed a public social network for their own good. For example, this just crossed my ridiculously crafted homepage a few minutes ago.
"Muhammad just added the birthdays of 15 friends to their MyCalendar.
Muhammad has requested to add the following birthdays to their MyCalendar:"
[more blah blah blah with actual dates]
Tanveer Badar at 14:31 on 05 April
[noun], you should know better. It is information disclosure, and about other people’s personal information you have no right to publish in public.
Please don’t add mine to this application.
What amuses me is that the guy is supposed to be specializing in networking, and security by implication (I think). I shudder to think whose data rests in the hands of such people and their like.
Those who take time to read this blog might have noticed there is very little information about me here. You won’t find much about me online because I don’t want you to. But how are you supposed to prevent others leaking information about you online?
"Terrorism," the professor had lectured, "has a singular goal. What is it?"
"Killing innocent people?"
"Incorrect. Death is only a byproduct of terrorism."
"A show of strength?"
"No. A weaker persuasion does not exist."
"To cause terror?"
"Concisely put. Quite simply, the goal of terrorism is to create terror and fear. Fear undermines faith in the establishment. It weakens the enemy from within . . . causing unrest in the masses. Write this down. Terrorism is not an expression of rage. Terrorism is a political weapon. Remove a government’s façade of infallibility, and you remove its people’s faith."
Now, this post is entirely off the track. It is/has something(s) about “me” when I desperately try for things not to be about “me”.
Two weeks ago, I called a colleague to confirm that it was not a day off from the office. He didn’t receive my call and when I was in the bus, he called me back to ask why I had called. We had this little conversation.
Him: Tanveer, you just called me?
Me: I wanted to ask you whether you are coming today or not.
Him: Yes, leaving in a few minutes.
Me: Well, I am already in the bus. Bye.
<End of conversation>
In this little piece of speech, treasures of information lie hidden. Let’s dig some.
- Neither of us is deaf.
- We both can speak.
- I am bilingual in Urdu and English.
- I understood whatever language he is using to talk to me.
- We both work at the same office.
- We are on first name terms.
- We are close because only close persons ask each other these kinds of questions.
- At least I am well educated.
Side information that could be gathered from the context.
- I had called him previously.
- My office is not an educational institute because it was declared a public holiday for schools and colleges.
- I am well educated, the person who called me is close to me, it follows that he must be well educated too.
For the added bonus, you can gather additional information from this post. :)
- My name has ‘Tanveer’ somewhere in it.
- I studied information theory in my past.
In conclusion, my children, even the tiniest amount of conversation can leak tremendous amounts of information whether you like it or not. I haven’t exhausted any of the three lists by any chance. Natural languages are always very redundant, yet this tiny snippet shows how much you can gather from just six sentences.
Right after getting that DSL connection working, I was wondering how to find out the IP address of the modem. My own computer is behind it and not worth mentioning as it starts in public IP address range.
Then, it came to me and I posted a comment on this very blog and there it was. Modem’s IP address. What was astounding was the fact that it started in class A. Before this moment, I never understood why Pakistan would have a class A address when the DNS servers are in class C. But this means that PTCL must have enrolled in the regional authority’s database to start dishing out broadband connections.
Further digging up www.who.is revealed that PTCL had acquired this network range in January 2007.
And a visit to www.apnic.net further enlightened that
inetnum: xxx.xx.0.0 - xxx.xx.255.255
meaning there are 64009 connections available. With this additional information
person: IMTIAZ AHMED BAIBERS
address: PTCL Headquarters, 5th Floor New Building
changed: firstname.lastname@example.org 20070605
Consider a public poll. Especially one where you subject the subjects to some subjective questionnaire (pun intended). How may you interpret the results of that poll? What conclusions can you draw from those results?
Generally, we see a trend in the results. Most of the participants agree on one thing. That’s consensus. It tells us that those individuals have that fact bored into their minds, perhaps through regional history, family backgrounds, childhood story, actual event etc. Typically, it is fail safe to rely on this information.
But, there is a lower degree of disagreement too, almost always. Some people always seem to think that actually it was something different than what others are saying. Call them conspiracy theorists or whatever. The disagreement is always present.
Now consider, how much information is contained in that disagreement. It represents the perturbations present in the opinion pool. You can use those diversions to target minor classes of people, having quite radical ideas about what you are looking for. For example, consider a poll which asks for some kind of personal identifier and, on a scale of 1 through 10, how much they can strive for their country. Anyone with criminal or terrorist motivation would certainly go for people with low ratings.
Using a similar procedure, you may want to go for the lower percentage splits when selecting candidates. Depending on your query, they may be more susceptible to bullying than others.
As another example, consider searching. While those results which have a high relevance certainly have value, those which have low relevance may represent unorthodox concepts. An example of this technique was in ‘Digital Fortress’ where ‘non-confirmatory search’ was conducted to find data which appeared more random. It was in essence a search for random regions on hard disk and then pinpointed to those regions which were not found because they were more random than the found results.
PNSC’s building caught fire (again!) yesterday. It started on fourth floor and rapidly spread to the top floor. After a grueling fight of almost 10 hours, it was finally extinguished. Two fire-fighters were injured. One person died of cardiac failure. THE MANAGER ADMINISTRATION. VIJAY KUMAR KHATRI.
I am thinking of adding a ‘Spy’ tag to my blog. These entries are rapidly becoming a favorite of mine, it seems. A few months ago, the same incident had happened. Same place, same time, same day of week. Shipping Corporation is not dumb. They must have hired their administration manager after complete background check. But let’s face it, Pakistan still does not trust even the immigrants of 1947 separation properly, India does the same to Muslims living there.
I have two co-workers who are sort of related to the dead manager; they say he was honest and died of the responsibility bestowed upon him that he had failed. But again, I don’t trust it entirely. Fire started at the same building some months ago, they do nothing to prevent the second incident. Now, the second time when the fire starts, their administration manager dies of heart attack? Doesn’t it sound like someone should die to break the chain of evidence leading to the real culprit?