Friday, February 26, 2010

Our prognosis becomes true: Recognizr is there

Hey, didn't we discuss the possibility of people pointing their mobile at you and retrieving your social data from the Internet ? (Read this and this for our detailed prognosis). 

We  thought this would take one or two years to become true. But it is there already. Based on Polar Rose a new service "Recognizr" was just announced.

Now think about your strategy how to protect your privacy.

Welcome to the future. 
OJ

Monday, February 15, 2010

Obfuscate your search history


Some time ago I wrote that Google knows a lot about you just by looking at your search history. Just remember Google flue prognosis. This is relevant for companies who's strategy might implicitly be revealed by searches of employees as well as for average persons whose most private interests can be revealed.

When have you last searched for "Dating" or a "New job" ?

However there is a way to protect yourself against this. It is a bit similar to the mechanism we described to protect you from the facebook data monster. For every search request you do, make several fake searches. By this method you obfuscate your searches and hide them in the noise of fake searches. It will be very difficult for Google to sort out the "real" search requests and the fake ones.


Additionally we have in mind an easy mechanism how to automate this obfuscation. A browser plugin (for individuals) or the Internet gateway (for companies) could generate random additional search requests for each normal search. You search once for "Dating" and the plugin will generate about ten additional searches with random search terms. Results from the fake searches will be suppressed and not shown to you. You will only see the relevant search while the plugin protects your privacy in the background.

We think this would be an easy and powerful mechanism to protect your search privacy and we are even thinking about building a small Firefox plugin as a demo and open source it.

What do you think ?

OJ

Friday, February 5, 2010

What is the best way to protect your online personality?

We have seen that even avoiders of social-networks will be contained in the global data collection frenzy. 

Non-facebook members are already captured with their connections; accidental-foto-captures of you will be tagged with your name in the future and certainly your search personality and history is already being captured.

So how can you protect your personality in the world of the alltime-connected-social-networks ?

Basically there are three methods:
  • Deletion: Find every single instance of data about you and try to get it deleted. Obviously this approach is rather difficult.
  • Management: Maintain the data that you want people to find about you. Create public profiles and make people find mainly your "official" information. Manage your image.
  • Obfuscation: Lay a smoke screen of wrong- and fake-data over your real data. Push wrong data to the databases
The above methods are clearly not the preferred mechanisms of users. The preferred mechanism of the majority of the Internet users is to ignore the issue. The majority of people hope that avoiding the "bad data monsters" will save them.

Passive avoidance will not help. Freely choose your strategy from above, but you have to become active, if you want to protect your personality in the online world. Otherwise strangers will manipulate your online personality however they like.

Compare it to the front of your house, wouldn't you want to influence how it appears to people ? 

 OJ

Thursday, February 4, 2010

Protect your Location Information by using UMTS - Surf Sticks

Did you ever wonder how some websites know your location ? This is a very good example of a service doing this: Locate your IP

Basically the principle is based on using your IP address and comparing it to other addresses in your area while relying on some assumptions about your Internet providers IP address allocation. Read some details in: Accuracy of Geolocation

A very easy way of protection is to use an UMTS-Surf Stick. While the mobile operator might be able to locate you even under this circumstances, your IP address will very likely not reveal your location to any Internet service anymore.

Not sure if this is of any use to anybody. Put I though this to be interesting anyway. Is there any basic flaw in this reasoning ?
OJ

What Facebook knows about non-members

Recently a German site (heise) reported that facebook collects substantial information about non-members, just by storing and consolidating data which is entered by other facebook members. For example you might end up in their database, only by some of your friends uploading their entire address book. If multiple of your friends do this, facebook might even derive your complete social graph.

As every mail address is certainly stored in several address books somewhere, facebook might pretty soon have data about every single person on earth (ok maybe not everybody, but at least everybody with online activity).

So what can you do about this ? I see only one mechanism: obfuscation.
So if you want to protect your privacy, then build on the data they already have:
  • create a facebook account
  • link to lots of your friends
  • and make sure to link to plenty of wrong friends, (be sure plenty of them will accept),
  • then enter a lot of wrong data about you,
  • and choose very wrong data,  so that all your friends will know that your account is rubbish
And why create only one wrong account...create dozen wrong accounts.

Let us screw the facebook database and get some basic privacy by obfuscation !
Lets not complain about missing privacy but do something for it.
We will make their data worthless ! (ok, please hear the ironic subtext to this)

Any good tips, how to mess with data ?
OJ

Thursday, January 7, 2010

Companies be aware: Google could know your strategy!

Ok, we now know that Xing can find out about your new starting project, but did you know that Google could know your company strategy and next secret  moves ? They really could find out the company you will acquire and the next brand new technology you will use. And we have indications that Google actually practices similar algorithms.

For the experts: The prognosis mechanisms used in Google Flue prognosis can easily be used to detect search trends within the IP Address ranges of companies. Clearly search trends could point to your next major company activity. This might be a merger or acquisition or just the planned usage of a new technology. Or do you think that employees dealing with strategic moves do not search for their new topic ?

So here are the details about a potential case study: Within your company you have a small number of employees who secretly evaluate potential mergers and acquisition with other companies or plan for the usage of specific new technology. To start their research these employees will certainly use the web and search engines. So how does this look like on the Google end ? Within a certain IP Address Range which can be linked to your company, all search terms will be monitored by Google standard mechanisms. This is something that is definitely done by Google. Now over time specific search terms will follow a certain pattern. And this search terms can be matched to your next strategic move.  Before your company starts it's research very little search on the specific terms will be done. But as soon as your strategy evaluation is being started  the trends for this search term will explode. This is similar to the analysis which Google is already doing for the Flu prognosis.

With some high level industry expertise, Google could easily base an investment strategy on this information. This does not really sound good for keeping your strategy secret from Google and other search giants.
Will Google do this ? We could not find anything in the terms of usage which prevents them from doing it.

We know that companies spend large efforts on keeping M&A activity secret, but have they thought about this obvious security hole ?

We know about a way how you can protect yourself against this. One of our next posts will explain the details.
OJ

Wednesday, January 6, 2010

It is your wrong data which stays

Some time ago i tested a service called Plaxo. Plaxo copies and updates your profile data to other peoples address book. When you update your telephone number in your Plaxo account all of your friends address books will be updated.

I only tested this service and deleted my account pretty soon. In my view  Plaxo was spamming other people with mail requests to update their entry in my address book. I found this whole concept a bit to intrusive.

In January after testing Plaxo, I received numerous birthday congratulations month away from my real birthday. First I was a bit confiused. It turned out that somehow I did not enter my birthday into my Plaxo profile and the default birthday of 1st January was replicated to a lot of my contacts. 

This all happened a couple of years back. And certainly since then, I am fighting on 1st of January against numerous wrong congratulations.

The general learning: Wrong data about you will stay present and impact your live for a loooong time. Wasn't there a movie about this ? (Remember: Buttle was wrongly arrested for Tuttle)

A happy new year to all of you! And congratulations !
OJ