| How Does Craigslist Work? | 10:18 PM |
I just moved and have some household items I have to sell -- things that are too small or too big for the new place. Saturday morning I took some photos and posted two ads on craigslist. Six hours later, I removed said ads and was done with the whole business.
Quite frankly I was surprised it went so fast. A woman called and left a message about my dining room table and chairs while I was out for a late lunch. I returned her call and she wanted to come over and see it. The topic of fitting it into her car came up and she told me what kind of car she had and I said ok. I was excited someone was interested because it was the first phone call I'd gotten about the ads, but then I began to contemplate how crazy it was to invite a complete stranger over to my new home.
An hour later a man called, asked for me and said he was downstairs and I started to think...What a clever scam -- have the woman call and set up the appointment, but send the man to the actual address. Clever and diabolical indeed. But because I had gotten an email from a man's address with her name on it (she had a really unique name), I assumed they were husband and wife and I looked out the window and the car she had mentioned over the phone was downstairs so I went down and let them both in.
They came up, looked over the table and chairs, agreed they both wanted them, and then as she was counting money out of her wallet, she asked, So what do you do at ___? You work there, right? And I froze for a second, then said, How do you know that? And her husband laughed and said, caller id! Damn work issued cell phone! He continued, any anonymity you thought you had is gone. It made me laugh (and also immediately wonder if I'd called anyone else back).
Then 15 minutes later another couple came over to look at the rug. Again -- woman called, asked if she could she come over right now to look at it. I said ok. I got to the door and she was adorable and looked non-threatening. He had murder in his gorgeous sky blue eyes. But I let them both in anyway. She got excited about the rug, and he completely softened and became solicitous -- it was actually quite sweet. She paid me; they took the rug. The end.
I don't know the magic of craigslist and how it is that I've never had a bad experience on it. I've met people on craigslist, I've bought both my motorcycles off there, I found my writing group, I've found all of my SF apartments on there, and my pet rat, now I've even sold stuff, and almost every person I've interacted with via ads on craigslist has resulted in a pleasant experience (I had one slighly unpleasant experience with a woman trying to sell a motorcycle, but I didn't buy her bike and it wasn't that big of a deal). What are the odds though? And how often are there unpleasant experiences -- because I find it hard to believe all these strangers come together via anonymously posted ads and end in 100% satisfaction. I think I'm just lucky all my experiences have.
| Privacy in the Future? | 11:37 PM |
I cleaned up this blog several months ago (not long after my virtual stranger Googling me incident) and deleted all the personal entries that were too personal. I left anything I considered benign, and anything related to my mother, benign or not. Having had a online journal for so long, it's still an endlessly fascinating subject to me -- this need and desire to expose myself on the one hand, yet my concern for privacy on the other.
I've been thinking about how differently my son's generation must view privacy. And I know I'm onto a relevant topic because a friend and expert in this field is seriously considering the implications of this as well. I had my son visiting me for four days and he was talking about myspace and about how they post party announcements there which was an interesting and updated version of the story I heard last week: mom discovers a 15+ year old flyer for a house party at her house while she and dad were away. A printed flyer. I'll bet you kids don't print flyers anymore.
Sites like myspace, flickr, youtube, twitter, etc, along with your cell/smart phone mean at any given moment you can broadcast your whereabouts and your whattodos, and can share intimate and assorted details about your personal life for most, if not all, the world to see. And kids do. Without qualms. So when these children become adults, do you think they're going to be bothered by cashless transactions or FastTrak devices that can tell their friends where they are at any given moment or RFID tagged everything? I think not -- these things will only make their lives simpler: gratification faster, information sharing with their pals seamless, and fridges keeping themselves full. Why wouldn't you want this kind of technology? Who cares if the marketers (and whoever else they want to share information with) know and keep track of everything you buy, or that someone could paint a pretty accurate picture of your life based on your travel history, especially if they tie it with your financial transactions because who in that generation is going to care that every single purchase someone makes will leave some sort of electronic mark?
I feel old and paranoid just talking about it. Everytime I shred a piece of paper with personally identifying information on it, I wonder to myself, why do I bother? Why, when you can look up any one of the x domain names I own and pull up an address? Why bother when my trash can has my address on it? Why, when someone can just steal my mail -- who cares about all the credit offers I've already shredded when the next one will be stolen before it reaches my mailbox? Just this weekend I received a pin number for a credit card I never received -- I wonder where that ended up. And just try not to give your social security number away -- everytime I ask someone if they really need it and can't I provide some other method of identifying myself, there isn't and I can't or it'll take me two extra days -- and honestly, most of the time it's not worth the two extra days for me so I admit it, I'll give it up pretty easily. Nowadays, identity theft is to be expected. You are now encouraged and expected to anticipate it and to monitor your records and credit reports accordingly. I feel like I'm fighting an endless battle that few people of my generation care about, and far less, if any, of my son's generation will care about.
What's left to defend if everything about you is electronically recorded? Soon, you'll want to and be able to monitor the state of your elderly and forgetful mother, your drug addicted teenager, his thieving friends, your daughter and her questionable sexual behaviour. And then the government will want to, too.
Maybe this generation doesn't watch or read enough science fiction. Or maybe I've read too much.
| On the run | 12:59 PM |
I love this story about a woman who literally chases down her identity thief. Karen Lodrick runs into the woman who stole her identity 6 months ago while they're ordering the same drink at Starbucks. And the crazy bitch lives three blocks from her. San Francisco is a small, small world.
| Your data isn't safe | 10:34 AM |
I've already mentioned that I've been thinking a lot about anonymity lately and today I was reading about a Tor hack on securityfocus.com. Doesn't this totally defeat the purpose of Tor?! Why is it so difficult to be maintain anonymity? And why is it so easily taken away?
I was at a talk recently about the online black market. The speaker showed us some realtime irc "ads". Criminals claim they have X number of credit cards, bank account logins, etc for sale or trade. They post a few so buyers can see they're serious. There was lots of personal information flashing across the screen during the demo. I saw a guy with an Irvine address and thought, poor fella, I should call him. And tell him what? Oh, I was at a talk and those damn hackers had your name and address and bank info and everything....What? No, I'm not one of them. I just thought you should know.
In my early 20's, I dated a guy that used to do this kind of crap. And he didn't even think twice about it. No moral qualms. Spent a lot of money that wasn't his to buy a lot of things he then traded for more illegally gained things. It bothers me when people think that it's ok to steal from big corporations because the little guy doesn't feel it. Well, he does -- he has to at the very least deal with his credit card company or bank and waste a countless amount of time sorting out the fraud. And eventually, stealing from corporations trickles down to all of us one way or another.
Have you read about all the personal data theft that's gone on recently? Look at the TJX data loss results. And personal data loss isn't uncommon. A couple of years ago, I got a letter from Time Warner saying they'd lost data disks with old employees' personal data on them. Did I want a free credit check to make up for it?
There was a recent thread on one of the mailing lists I'm on about an atm scam to steal atm card info and pins, and how easy this is to do. The security speaker I mentioned above said he doesn't even bank online -- not because online banking was inherently insecure (because online banking is not inherently insecure), but because he wanted to keep his risk exposure low. I can't imagine giving up online banking. Convenience trumps privacy and security too often. And I'm aware, but I'm just as bad as you about this. I don't give out information if I can get away with it, but if it's between giving up my ss# versus driving 30 miles to go somewhere in person, I might give up the soc depending on my mood that day. If it's giving up my soc versus paying a deposit -- I'll always pay the deposit. Give up my last name on a first date to someone who doesn't already know it? Forget it. We've already talked about where googling me leads to -- my utter mortification.
I had to take Mr. Number Two to be cremated recently (he died on Feb. 22nd, 2007). They wanted my birth date and I didn't want to give it to them. What the hell do you need my birth date for? They said if they prescribe any medication for my pets. Since my rat was dead and not likely to need meds, they let me leave it blank. But I knew I'd take Number 1, the 3rd in and was wondering if they'd ask for it when I got medication for him. They didn't. Which made me wonder why they wanted it in the first place.
| Secure Flight, CAPPS II's Replacement, Moving into Test Phase | 2:19 AM |
The TSA (Transportation Security Administration) has issued a legal order to "compel" airlines to provide passenger data to test Secure Flight, its new passenger screening system. Lots of quotes from the privacy officers at TSA, including one from Lisa Dean, ex-EFF'er. But the TSA hasn't been all that forthcoming with details, and what about the EU Data Protection Directive? How are they going to sort that out? The Practical Nomad has better, more in-depth blog entries about Secure Flight.
| Annonymous Phone Calls...For the Stalker in All of Us | 3:53 AM |
In other news...interesting company that launched a new service to anonymize phone calls by fucking with caller id, and three days later, the owner decides to try to sell it off because of threats by hackers. Star38 launch; Star38 calls it quits.
May be a great service for debt collectors, but imagine what it can do for stalkers. Want to terrorize your neighbor annonymously? Crank call that ex? Star38, baby.
| Senator (not) on the No Fly List | 9:15 AM |
This is great evidence of the uselessness of these no fly lists: "One of the best-known U.S. senators" is misidentified as a suspected terrorist on the no-fly list. And this is just a current example -- there are many other cases just like this.
It's been almost 3 years and we still don't know how people get on these lists and there isn't a formal, systematic way to be removed from these lists or to find out how you even got on a list. Even when a passenger goes through the effort to clear his name, he finds himself back at square one the next time he flies. EPIC's No-Fly page -- with links to documents from the TSA and complaints from passengers. EPIC filed a suit against the TSA in Dec. 2002. The ACLU filed a lawsuit in April 2004. ACLU's Why Federal Watch Lists Don't Work page. The Practical Nomad blog (Edward Hasbrouck) has a fair bit of information on this subject, too.
| CAPPS II Capsized | 1:53 AM |
Wow. They've finally ceded to the public's privacy concerns and are abandoning CAPPS II. CAPPS II would've color coded all airline passengers to indicate a traveller's potential to be a terrorist. It would've created a huge database linking detailed personal information from various sources about each airline passenger. Way more information than you'd want to give away just to be able to fly an hour down south every month to visit your kid.
I love Bob Barr's quote: "You can never be absolutely certain that a proposal like this is dead. You can shoot it, stab it, cut its head off, drive a stake through its heart, burn it, scatter the ashes -- and still it might pop up somewhere else."
EFF's CAPPS II page.
| Chatty Hospital Staff Divulges Sensitive Info | 12:36 AM |
Forget HIPAA -- it doesn't cover casual water cooler conversations that give away private patient information to anyone within earshot. Social security numbers, medical test results, details of your case...all discussed amongst hospital staff indiscreetly and inappropriately in public, or overheard in phone conversations.
| Consumers Rate Companies' Trustworthiness | 12:16 AM |
A recent poll ranks consumers' trust in companies. eBay ranked as the most trusted US company for privacy. Google received a positive ranking, but didn't place in the top 20. Hotels and grocery stores are considered less trustworthy, while internet companies, banks, and health organizations were ranked most trustworthy (I wonder if in that order). Amazon, HP, IBM, EarthLink and Dell were all in the top 10, along with AmEx, Procter & Gamble, and the USPS.
The article mentions that consumers are becoming more and more concerned about protecting civil liberties. I think that's awesome: the more people worry, the more we're likely to take action.
| Medical Privacy | 2:44 AM |
At lunch today a couple of the guys were talking about hospital visits and how the staff log everything. Who visited when and did they bring flowers, did they hold the baby, was there any conflict or arguing? And more than one person claimed this was true. A perfunctory search on google yielded nothing to back up these personal anecdotes, but I'm going to go on the assumption that is true. Someone mentioned that a resident friend of his told him he had to write everything down because you, as a doctor, didn't ever want to be accused of not knowing something or not remembering something that might have been critical to a patient's welfare. Doctors get sued for malpractice all the time. They pay outrageous amounts of money for malpractice insurance. I can see why you'd want to take careful notes about everything you possibly could.
But it raises a really interesting privacy issue, too. Medical records should be "sacred secrets", shared only with other professionals when absolutely needed. But if doctors and nurses are actually taking such copious and detailed notes -- it's not just your medical records, it's also personal data in those files. HIPAA (Health Insurance Portability and Accountability Act), which went into effect on April 14, 2003, set national standards for maintaining the privacy of health information, but is limited to the information maintained by health care providers, health plans and health clearinghouses only if they transmit it in electronic form. And it doesn't actually prevent medical information from being shared for marketing purposes, or sharing between doctors without explicit consent, or providing information to the public and the media (unless the patient explicitly opts out), and we don't have the power to sue if these regulations are grossly violated. Doesn't seem like a whole lot of privacy, does it? <HIPAA Myths, HIPAA Basics>
I was just reading an article last night about how HIPAA could hinder information flow -- even if you've made legal provisions for someone to act in your stead if you become completely incapacitated or incompetent. If you don't make explicit HIPAA clauses in your legal documents, the distribution of your money and tangible goods, or your requested medical wishes, might not be honored because without the medical information there is no way for your wife or child or other designated stand in to prove that you are in the condition you've claused in your will.
And it made me wonder how soon after a lawsuit occurred challenging these difficulties, would someone try to alter the minimal standards of medical privacy we currently have. Privacy is such a hard thing to try to maintain. If we really care about our privacy, we have to make a conscious and concerted effort to try to safeguard it. And it's easy to give up because convenience is always the pay off for giving up some privacy. I'm just as guilty of it as anyone else.
And the threats to privacy only get worse as technology ever increasingly becomes more advanced. Cameras are everywhere. RFIDs are prevalent and soon to become much more so (big business is already touting the high returns on investment in RFID), unencrypted email, wireless networks, data mining and caching. Not to mention threats to homeland security and the rights we've lost with the PATRIOT Act. It just doesn't end.
