Big Brother is watching…..and waiting for you to invite him into your home.

So here is your horrifying thought for today:  Your own government could very quickly have a video and audio surveillance device readily accessible in your house.  But that isn't the scariest part.  You ready for it?  YOU will be the one PAYING to put it there, by your own choice.

 

Don't believe me?  Let's consider some things that have been happening recently: 

 

1. The NSA's massive Utah Data mining center – A 1 million square foot facility, capable of storing yottabytes of data, gleaned from every type of communication device we use.  Also consider the fact that every piece of communication passes through a wire at some point, even your cell phone, so literally EVERYTHING is accessible at some junction point. Even if you encrypt your transmission with the highest level of encryption available today, that doesn't matter in the long run.  If they can't crack it now, they will store it and crack it when they have the ability to in the near future.


2. PRISM – Since 2007 (but more realistically since the Patriot act was first passed in 2001), the NSA has been using your own internet providers, popular sites, and makers of the worlds most used devices to provide direct access of all their products and services to the government.  Since the news broke recently, all the companies on the list of PRISM partners have come out stating, in some form or another, that they are not giving direct or backdoor access to the government, and that they are only responding to court orders as required by law.  I call bullshit, for a couple basic reasons:

A. We've already been lied to, and then when they were caught in the lie, they tried to assure us that it wasn't as bad as we are making it out to be, specifically with federal wiretapping.  We were all told that it was ONLY calls originating from foreign countries or placed to foreign countries, and that the surveillance was extremely limited in nature.  Fast forward to this week, and we find out that was complete bullshit, and that they have been monitoring ALL calls, including ones that are ENTIRELY domestic, for years.  Verizon has been handing over data for years already:  "While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively."  This program has been going on since as far back as October of 2001, in some form or another. 

B. All the companies on the PRISM list don't want a mass exodus from their services.  Why wouldn't they lie, to retain users?  And furthermore, even if they aren't just lying to retain users, it doesn't matter, as they are under a federal gag order from FISA anyway, so even if the wanted to talk about it, the can't!

 

3.  The Ace in the Hole:  The Xbox One – A few things on this to get started;  To operate, the device must call home once every 24 hours (NOTE: this is to be able to play games.  MS has stated that you will not need to connect to watch live TV or DVD's. Who cares, I can already do that without an Xbox).  The Kinect MUST be connected for the system to operate.  Unless you unplug the entire thing, the Xbox One is always on in a low power state.

 

So let's put all this nifty information together into one cohesive thought:  The NSA is building a massive data retention center using, at least in part, the information it is gathering from it's partners listed in the PRISM project.  The very first company to sign on to the PRISM project was Microsoft.  The NSA data center will be completed in October, roughly around the same time that the new Xbox One will be hitting stores.  Do you honestly believe that if they are already tapping your phone, email, web searches, Facebook, and all your other internet communications, that the NSA won't want to get their greedy little claws where they couldn't go before?  Inside your house, directly into your living room?  Into the Xbox One and Kinect, that can record a live video and audio stream?  Talk about fleshing out the whole picture….

 

And the best part is…you are going to pay THEM for the privilege.

Are You Writing Anonymously? Well, Maybe.

I’ve pondered running another blog with a more direct relation to my real name. This other blog would cover strictly professional / technical matters. Valuing privacy, not many bloggers write under real names. Over the years, I’ve written under many different pseudonyms on various forums and social media sites. Anyone seriously research me online would find this blog, but could they identify this blog from writing excerpts? How easily could someone associate my new technology blog to crazy political rants here?

There’s been some significant research on analyzing text to match writing patterns. The general idea is that every person has unique linguistic patterns and turns of phrase. Fin can pick out my writing (or her sisters) almost immediately.

At some point, I read about some researchers using compression to identify authors of text excerpts. Compression algorithms create new encoding schemes based on pattern recognition. In theory, we can recognize an author’s style by seeing which piece of writing results in the best compression. Does it work?

The idea seems too simple to work – at least with any meaningful accuracy. Still, finding it fascinating, I decided to run an experiment. Searching my google reader, I found 2 blogs covering similar topics to mine, and a third wildly different blog covering technical posts. Scouring these blogs, I worked at creating a text collection for each author. Excerpts were selected based on covering similar subject matter.

My ‘test’ subjects included a blog post written 3 years ago by myself, a work email sent roughly 3 weeks ago, and a collection of Google+ posts over the past few months. In addition, I grabbed 2 posts from the selected blogs. The work email and technical blog use extremely similar terminology throughout. In theory, the compression technique should fail in this case – picking up technology idioms instead of language usage.

To form a baseline, an unrelated text excerpt is added to each text collection. The collection is compressed using “Zip” and the final size recorded. After forming the baseline, I replace the additional text with each excerpt to identify.

Running the tests, I expected the results to be poor at a minimum. I’d purposefully selected difficult scenarios for the test, hoping to prod it into failure. In the end, all 5 tests resulted in a correct identification of the author. I’d suspected a few to hit on chance, but not a 100% positive identification rate. For those curious, my work email scored first with my personal blog here, and second with the technical blog.

The strongest match? Identifying the social media posts.

I’d guess that increasing the number of authors would decrease the positive ID rate. Still, we could improve that situation by adding to the baseline and test data sets. Obviously, a short test using a common sentence( eg: I’m hungry ) won’t work well. Conspiracy theory thought: isn’t social media providing an ever growing baseline data set?

The idea of social media building the strongest matches has interesting implications for this technique and author identification in general. While we write on social media with our real names, are we working against our interest in remaining anonymous elsewhere? In any security scenario, the weakest element tends to be the humans running the show. While we research technologies such as “Tor” for privacy and protection of political dissidents – the very published speech points right back at the author. Could a child’s grammar school paper condemn them as an adult?

In general, the take away here is that writing on social media, or blogs, or English papers can be used to identify people in other contexts. Could I write this post and publish it truly anonymously?

Not as much as I’d like to think.

— Fate

Fate's 2010 Resolutions

While it’s a bit late in January to post this, I still feel a need to continue my yearly ritual of posting the things I’m planning on accomplishing over the new year. This years resolutions are largely related to the purpose of this blog, so I’m going to post them here.

1. Reduce / Eliminate trash at the office
Together, Fin and I have reduced our monthly trash output (excepting the ongoing project of reducing our junk count) to roughly a single trash bag a month. However, at work, I’m still outputting a considerable amount of junk – mostly disposables associated with eating lunch. My new goal is to start using washable clothes, and silverware at work. It’s way too easy to get caught into the trap of using that stuff when it’s readily available, and everyone else at the office is.

2. Go camping / outdoors more often
Last year, Fin and I went on two trips where I was camping. This year, I hope to make regular weekends at a couple local lakes / camping grounds. By the end of the year, I’m hoping for a good 6 times this year out camping with Fin.

3. Pay off another debt
Last year, I set the goal of paying off some of my college debt. I succeeded, and am hoping again this year to nuke another portion of my college and post college stupidity.

4. Perfect a soap recipe / be able to make commercial quality soap
This will be a series of blog entries on its own, but I’m hoping to create some decent quality soap using cold process techniques. My first batch is currently cooking, and I’ll have a blog entry about this and my reasons for it soon.

5. Return to martial arts
Fin’s been encouraging me to do this, but the time and cost matrix hasn’t been favorable to it actually happening. Martial arts did a lot of good things for my health and mental state, so I’d really like to get back at it.

6. Post more useful stuff more often
Part of the original goal of this blog was to post useful information, and post that on a regular basis. However, life’s been in the way, and so, not much has happened in terms of useful content here. Now that things have calmed down a bit, some of that should start happening.

7. Grow and maintain a garden
Fin’s downright excited about the idea of having a garden this year, and I’m looking forward to helping. Really, this is more of her resolution, but it’s one that I’m also looking forward to helping with.

8. Release some software / finish a project
I’ve done so many hobby projects, but none of them have hit a point to call it done. The goal this year is to actually accomplish something in that. In either software, or writing, or art, I want to actually accomplish something this year.

9. Finish unpacking
This is really the same goal as last year. I want to be rid of the boxes of junk that have been trailing me around and growing for the past 3 to 4 years. At some point this year, I’d like to say, “hey look, I’m done unpacking”.

10. Grow in maintenance / carpentry / plumbing / etc… skills
Now that I find myself in the role of “homeowner”, I can’t call the apartment management company anymore to come fix stuff. My parents were very much the type were doing things around the house meant calling the right professional. I’m hoping to break the trend a bit, and be more self sustaining. So far, no major injuries or limbs lost.