November 14th, 2003


The illusion of online privacy.

markpasc mentioned a way to use LJ as a type of Invisiblog, which would, according to Invisiblog's creator, give "political activists, independent journalists, whistleblowers -- anyone who is prevented from publishing by repressive laws or threats of violence" a secure, anonymous voice on the Internet.

My response to this is that yes, while pisting through Invisiblog is secure and anonymous, it *ISN"T* what is really needed -- it isn't safe.

In order to create any weblog, you can pretty much depend on facing at least seven security risks :

1> Computer access.
2> Internet access.
3> An account name.
4> A password.
5> An email address.
6> Content.
7> A personality.

Based on my experiences tracking down "anonymous" users for online abuse cases, I can say quite definitively that what Invisiblog is offering is just an illusion of security, and a pretty dangerous illusion for those who don't know better.

PGP and "untraceable" publishing via Mixmaster aren't going to help you much, if at all... because -- like posts made to existing services like Blogger, LiveJournal, etc. -- they are all pretty much equally insecure. The reason for this is simply because your greatest security threat isn't how you post to your weblog; your greatest security threat is you.

For those who know how to sift through it, content on a weblog gives away far more clues to a person's identity than the computer you use, its IP address, your account name, email address, password, etc. Anonymous posting only covers a small fraction of your security concerns, and there isn't a single service out there that cannot theoretically be subpoenaed for your information. Really, though, the amount of information that a service like LJ has on its users is not substantially more than what the average reader has on them... often, there is no real difference at all.

The history of the internet has numerous examples of people who tried to be anonymous and who were eventually outed. (The Kaycee Nicole fiasco and Salam Pax are two that come to mind...) Infact, I cannot think of one single major "anonymous" poster who has remained anonymous for more than a year or so. The more someone posts, the easier it is to determine who they are. You are literally allowing people to profile you.

Of course, if you put up photos or offer someone a way to get ahold of you, that allows others to track your identity via where you store your pictures, and even opens the door to social engineering, which is a huge security risk. Good social engineers can get you to reveal all sorts of damaging information... and sometimes, just planting information which is never responded to is an effective way to determine an individual's secret identity.

Social engineering is just one of those security weaknesses that come from being a human. Webloggers don't operate in a void. A new weblogger -- even an anonymous one -- usually starts out by "introducing" themselves in one way or another, spreading the word to the world that they are out there. The first people they introduce themselves to (and who, in turn, tell others about them) are also the ones most likely to know who they are IRL. They can log who visits their site and determines who links to them... and all of that information can be used to determine who is running an anonymous weblog, even if the weblogger posts anonymously.

Ultimately, posting anonymously isn't enough. Surfing anonymously is also needed, as is not giving away personal information, keeping your online and real life world seperated, not mentioning knowledge that would only be known by a limited amount of people or by people in a certain location at a certain time, not making friends who can be used to expose you, not having "thumbprints" such as a handle or password you've used before, etc.

Webloggers are rarely an island to themselves, which is kind of the point, really. You can't expect to have perfect security when you are, after all, telling everyone about your life, about your browsing habits, about the web services you use and the sites you visit, etc. Sooner or later, you can expect to be found out, so long as someone has a reason to do so.

In short, your best chance at remaining anonymous on the internet is to post nothing of interest to anyone... because as soon as you do, you're fair game.

And speaking about a lack of internet privacy...

I've finally had the inclination to futz around with my account at, which was actually quite useful for me the other day... I suspect it will get even more useful as it contunues to grow in size. It's starting to kick some serious Friendster bootay. I found out about a few interesting events, got back in touch with an old friend, and helped Justin find a writer's retreat. Spiffy.

The shocking thing to me is that they have a LiveJournal community there with a few hundred users on it and I didn't recognize a single one. Not one single person. Sure, that might not seem so odd to many of you, but for me, that's just fundamentally not right.

For those who haven't been assimilated yet, I suggest you snag an account while is still in beta. Vulture capitalizsts are talking about such apps as if they are the next big thing. Which they are, in a way... but really, I suspect that they will be in a way that doesn't necessarily entail a whole lotta profit. That, incidentally, is a good thing. Selah.

Birthday festivities soon!

So, I have my birthday coming up on Thurs. Dec. 4th... which means that I want to have a rather large party/gathering on either Friday the 5th and/or Saturday the 6th.

Now, I don't really want anything for my birthday in particular. To tell you the truth, there is very little that I need... but what I *would* like is to get a bunch of creative people together who'll help throw some great parties.

Here's what I am tenatively thinking...

5th - A party at our house in Santa Clara, w/ dancing, hot tubbing, and a fire in the backyard. Several tents and tent spaces will be available in the back yard, with the option of futons available inside the house for those who don't want to "rough it" for a night.

6th - Some sort of gathering/ night out in San Francisco. Maybe I will arrange to take over a bar or a nightclub for a few hours, in which case it might be from around 6-9, and possibly open to LJ'ers, friends of mine from other online communities, etc. After that, there would ideally be something more partyish/racy afterwards. This might entail moving the party elsewhere, going to Ocean Beach, to another house, etc.

I'd like these events to be collaborative in nature... not just my friends, but a really cool party for the whole extended tribe, with a lot of participation and free expression.

So, does this interest any of you?

Poll #205120 party poll

Would you like to attend the party in Santa Clara on Fri. Dec. 5th?

If I can get a lift.
Sorry, no. Conflicting plans.

Can you contribute skills/supplies/equipment/ideas to make the party cooler? If so, how?

Would you like to attend the party in San Francisco on Sat. Dec. 5th?

If I can get a lift.
Sorry, no. Conflicting plans.

Can you contribute skills/supplies/equipment/space/ideas to make the party cooler? If so, how?

Where should we party in San Francisco on the 6th?

At a nightclub or bar, esp. if you can get the place just for us.
In a house in San Francisco.
On ocean beach.
Let's have it back in Santa Clara again.
Somewhere else entirely.

Do you have any other suggestions where to party in San Francisco on the 6th?

If you need a lift or can offer a lift, please let me know which, for what date(s), and where you are located.