
Protecting Privacy / Anonymity of an Online Identity February 17, 2017

Posted by ficial in brain dump, techy.


Here are the easy steps:

1. Don’t say or give any information that’s in any way connected to your offline identity (including avoiding biometric security)
2. Keep each private identity as separate from all other identities as possible.
3. Don’t use tablets or phones to access your private identity.
4. Use a randomizing service for creating email addresses, security question answers, passwords, etc.
5. Ideally, use the Tor Browser to access your private identity. If not that, at least disable JavaScript, all ads, and any other active content, plus use private mode to access your private identity. And always use HTTPS. Preferentially use services that don’t track you (e.g. DuckDuckGo for search).
6. Limit what each identity is used for.

As always with security, nothing is ever completely safe. All mitigation efforts should be approached not as guaranteeing privacy, but simply as making things a bit harder for an antagonist. Hopefully the antagonist’s resources and/or attention are limited to the point where the steps you take maintain your privacy.


There are three main actions an antagonist can take to attack the privacy of an online identity:
– coalesce : use overlapping aspects to link one online identity to another (i.e. note that two separate online identities are controlled by the same person), unifying them into a single online identity
– clarify : discover information that links an online identity to an offline one
– cohere : discover information that makes it easier to link one online identity to another; make an online identity ‘stickier’
Each of these actions makes all subsequent actions easier, creating a positive feedback network. Maintaining privacy requires addressing each area of attack. There are two basic approaches to mitigating each action. First, to the extent possible, avoid providing information that supports that action. This works directly against the action. Second, provide misleading information to lead an antagonist to incorrect conclusions. This also works directly against the action, and has the secondary benefit of potentially disrupting the feedback network. Since the privacy of a known identity is, by definition, already compromised, the remainder of this discussion focuses on anonymous and pseudonymous identities.

All three kinds of actions essentially boil down to adding or marking aspects of those different identities that overlap until one has enough overlap to safely consider them the same. Coalescing is matching non-known identities using various markers. Clarifying is matching an online identity with a (unique) offline one. Cohering is adding more markers, thus making the previous two actions possible / more likely. Here are five categories of markers that might be used, from easiest to hardest; interestingly, that’s both the difficulty for you to mitigate those kinds of markers, and the difficulty for an antagonist to make use of them.

1. ANY offline identity information (not only name, mailing address, demographics, etc., but also any mention at all of local geography, employment, familial connections, social connections, political connections, any biometric info, answers to security questions, etc.). This is probably the easiest sort of marker to manage – simply don’t provide that information. Some of that is easy – e.g. not using your real name – while other parts might require more self-discipline – e.g. not mentioning the local weather, or avoiding passing along a link for some funny cat video. Also of note here is that a biometric security element can increase your data protection while decreasing your identity protection, so for any identity where privacy is paramount look to security measures other than biometrics.

2. arbitrary information (usernames, passwords, email addresses, answers to security questions, expressed opinions, etc.). This is also fairly easy to manage, though it generally necessitates a bit more work. Where offline identity information can be excluded, you can be required to provide arbitrary information. The two keys here are avoiding any connection to your offline identity, and avoiding any connections to any other online identities. The most straightforward way I can think of doing this is by relying on randomizers. Fully arbitrary information can use random strings, while human-readable info (e.g. email addresses) is better generated from syllables or words. The main challenge here is just keeping track of that information for your own use when you need it. NOTE: just in case it wasn’t completely clear, each identity should have a separate email address, password, security answers, etc.

3. passive technical fingerprints (basic browser/computer data, browser cookies, IP address, MAC address, timing of activity, etc.). These are things that your browser/computer sends out either by default or as a necessary part of being online. There are technical and legal barriers to an antagonist getting and/or using some of this information, but it’s also harder for you to manage. As a very simple, minimally disruptive step, get and use the Tor Browser, use services that don’t track your info (such as DuckDuckGo for search), and always use HTTPS. Further mitigation can require significant changes in behavior and/or technical skill to deal with, though there are simple things that can help here too. A person with a lot of technical skill/knowledge can get caught up in dealing with these kinds of things and forget about the other kinds of markers that would let an antagonist simply bypass all the measures they put in place – if you have that skill and inclination, be careful not to neglect the other categories. Passive technical information can be broken into two main sub-sections: the device you’re using, and how you’re accessing the internet. For your device itself, that means the settings of the device, and the browser or other software you’re using online. The device and software should both be configured to send out the minimum information required to function, and/or to send out deliberately misleading information. Turn off Bluetooth, cell modems, and other such things. Use private / anonymized, independent browser sessions (keeping in mind that your ISP can still see what data your computer sends out and receives). Save as little data as possible in your browser (no passwords, no form auto-fill, maybe even no bookmarks). You have much less control over the information related to accessing the internet, as a lot of that information has to do with the ISP you’re using. The easiest way to deal with that is to add variety. At home, cycling your modem or router may get you new IP addresses (depends on how exactly your ISP works) – do some research to find out before starting to do that on a regular basis, and keep in mind that your ISP will still have records that track your previous information. More broadly, be active in different places, especially in places/ways that are hard to correlate with other things (e.g. pay cash at the cafe where you’re using the Wi-Fi). Anywhere there’s free open Wi-Fi (or closed Wi-Fi where you can use non-identifying info/credentials) is potentially usable: restaurants (fast food, cafe, bar, etc.), transportation hubs, libraries, schools/colleges, museums, etc. If possible, vary your activity times as well. For all of this kind of thing, app-based devices (tablets, phones, etc.) are harder to secure because of the nature of the software acquisition/installation, the limits to user control of the devices, and the typical way they connect to the internet using a cell network.

4. behavioral fingerprints (word choices, idioms, topics covered, writing style, media subjects, realm of activity, browsing choices, social connections, etc.). This kind of marker is quite hard to mitigate because it’s tied to the heart of who you are and what you do. On the plus side, checking these kinds of markers is relatively hard. These kinds of things can also be a little bit harder for an antagonist to use passively, which means you’re less likely to be compromised by them by accident, but on the flip side if they are being used against an identity it means that identity has already somehow caught the attention of a strong antagonist (and you likely don’t even know, since checking these things generally won’t send any kinds of alerts to you). These markers tend to give probabilistic results rather than direct matches, and even getting those requires quite a bit of knowledge, skill, and work. The simplest mitigation here is compartmentalization – keep an identity focused on one particular thing/area and keep it away from all others, especially ones in which you have a different identity active. Related to that, keep any social connections for this identity separate and different from that of other identities. The second relatively easy thing to do here is to limit what is available to use. Making these kinds of fingerprints requires content, and the more content available the better quality the fingerprint. So, don’t write much / provide much media, and use a plain/standard style as much as you can. Using ephemeral identities can also help a bit for this realm.

5. active technical fingerprints (non-cookie tracking, script-based browser/computer analysis, detailed timestamp matching, malware, etc.). This kind of marker is tied to the deeper aspects of the technology you use, from the browser/device you use to the services/sites you access. Making use of this category of marker requires an antagonist to have a lot of technical skill / resources. These kinds of things are also often limited to particular sites/services. Probably the easiest way to deal with these (though still not actually easy) is to use ephemeral virtual machines along with highly compartmentalized identities. That being said, turning off JavaScript and any other active page elements, using an ad-blocker, and avoiding suspicious files / links can also help a lot with this kind of thing, and those are actions that are easy for a non-technical user to do with only a little research/work and discipline.
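
For the randomizer approach in category 2 above (arbitrary information), here is an added example that is not part of the original post: Python's `secrets` module produces the fully arbitrary values, a syllable list produces the human-readable ones, and an audit flags any value reused across identities. The field names, syllable list, lengths and identity labels are all assumptions made for illustration.

```python
import secrets
import string

# Constructed syllable list for pronounceable names (an assumption).
SYLLABLES = ["ba", "ko", "li", "mu", "ne", "ra", "so", "ti", "ve", "zu",
             "dar", "fen", "gol", "hin", "jor", "kel", "mav", "nol", "pim", "tus"]
ALPHABET = string.ascii_letters + string.digits


def random_string(length=24):
    """Fully arbitrary value, for passwords and security answers."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def pronounceable(syllables=4):
    """Human-readable value, for usernames and mailbox names."""
    return "".join(secrets.choice(SYLLABLES) for _ in range(syllables))


def new_identity(label, questions=("first pet", "birth city")):
    """Build one identity whose values come only from the randomizers."""
    return {
        "label": label,  # private note for your own bookkeeping
        "username": pronounceable(),
        "email_local": pronounceable() + str(secrets.randbelow(1000)),
        "password": random_string(),
        # Security answers are random too: a true answer is an offline marker.
        "security_answers": {q: random_string(16) for q in questions},
    }


def markers(identity):
    """Set of arbitrary values an identity exposes, compared case-insensitively."""
    values = [identity["username"], identity["email_local"], identity["password"]]
    values += identity["security_answers"].values()
    return {v.casefold() for v in values}


def shared_markers(identities):
    """Return {value: [labels]} for every value used by more than one identity."""
    seen = {}
    for ident in identities:
        for value in markers(ident):
            seen.setdefault(value, []).append(ident["label"])
    return {v: sorted(labels) for v, labels in seen.items() if len(labels) > 1}


def add_identity(store, label):
    """Generate an identity, regenerating if any value collides with the store."""
    while True:
        candidate = new_identity(label)
        if all(markers(candidate).isdisjoint(markers(i)) for i in store):
            store.append(candidate)
            return candidate


if __name__ == "__main__":
    store = []
    for label in ("forum-a", "forum-b"):  # hypothetical labels
        add_identity(store, label)
    # Simulate the mistake the post warns about: reusing a password.
    store[1]["password"] = store[0]["password"]
    for value, labels in shared_markers(store).items():
        print("reused across", labels, "->", value[:4] + "...")
```

The store here lives only in memory; keeping track of the generated values, which the post names as the main challenge, is left to whatever encrypted storage you already trust.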

Online Identities: Transparency and Separation February 14, 2017

Posted by ficial in brain dump, techy.

There are two main axes to consider when thinking about the privacy of an online identity: transparency and separation. Transparency is a measure of how closely linked an online identity is to an offline one. This ranges from recognized to pseudonymous to anonymous. Separation is a measure of how connected an online identity is to another online identity of the same person. Separation ranges from associated (least separate) to isolated (most separate).

In the recognized transparency level there is a clear link between your online and offline life – your online identity uses your real name, notes your physical address, has your main phone number, references other aspects of your life (work, family, etc.), and so on. This is typical of social networks that allow leverage from offline relationships (e.g. Facebook, LinkedIn, etc.). A person only ever has at most one recognized identity – all other identities that get linked to it become just another aspect of that single recognized identity.

In the pseudonymous transparency level you have a persistent online identity, but there is a clear break between it and your offline life – no real name or other contact or demographic info, personally identifying information is deliberately minimized, etc. You can participate in social networks, have a reputation, build relationships, and so on; you just can’t build anything using your offline resources. A person can have any number of pseudonymous identities.

In the anonymous transparency level not only is there no connection to your offline life, there isn’t even a persistent online identity. Actions and interactions are stateless – you have no reputation or connections to give you weight, nor to weigh you down, and each anonymous action/interaction is distinct from others. (Note: if it’s not distinct then the transparency level is actually pseudonymous, not anonymous.) Anonymous actions either are not identified (e.g. a comment that does not require a username to be given, or that is made from a general, public account), or have a one-use identity (e.g. a comment using a throw-away account).

These transparency levels aren’t general states, but instead describe the knowledge-of-identity relationship between one of your online identities and someone or something else. For example, one could be recognized to a given group, have multiple pseudonymous identities in another community, and be totally anonymous in all other online actions. An antagonist is something that tries to shift the transparency level of that relationship between you and it towards recognized.

An antagonist has three operations at its disposal: coalescing, clarifying, and cohering. Coalescing is linking two or more online identities into a single one. In coalescing, transparency is dominated by recognition – any online identities that are linked become a single identity which has the transparency level of the most recognized of the pre-linked identities. Clarifying is increasing the transparency of an identity via research and analysis (e.g. checking metadata, searching posted info for clues, etc.). Cohering is increasing the association of an online identity via research and analysis (e.g. device fingerprinting, social network comparisons, word use patterns, etc.).

These operations form a fully connected positive feedback network – the result of any operation makes all subsequent operations easier. Three key consequences are that the transition from anonymous or pseudonymous to recognized can happen very quickly, that small footholds can easily lead an antagonist to recognition, and that protecting privacy means dealing with all three operations. This in turn means that building and using a truly, robustly private/not-recognized online identity requires extreme discipline.

Addressable Threats and Politics October 28, 2016

Posted by ficial in Blogroll.

What with the election and all I’ve been thinking recently about what candidates talk about and focus on, and how that compares to what I think probably should be the major issues. In my mind these boil down to various kinds of threats which we have the potential to address (if there’s no way to address it – mitigation or avoidance – then it’s not really worth talking about – e.g. Yellowstone super-volcano). These sorted themselves into 6 categories, from worst to… less-worst, I guess.

  1. Extinction Events – no more humans to speak of
  2. Global Collapse Events – no more modern civilization to speak of
  3. Political/National Collapse Events – no more country to speak of
  4. Way-of-life Collapse – things just aren’t good (anymore)
  5. Indirect Issues – things that aren’t directly any of the above but will / may lead to one or more of them
  6. Ideological Issues – essentially, matters of opinion (the line between this category and the one above is blurry)

Politicians (in America, anyway) seem to mainly focus on 4 and 6, with a bit of 5, even less of 3, and basically nothing at all on 1 and 2. While 4-6 are important, they really are less important than 1-3, and I wish there was more focus and action on threats at those levels.

Here are the actual addressable threats and categorization I came up with:

Extinction Events – no more humans to speak of
– super impactor
– global nuclear war
– super-plague (natural or engineered) – global, highly lethal
– hostile super-intelligence
– state-shifting climate change – ice-world, hell-world, poison air, etc.
– artificial black hole
– grey goo – nanotech eats everything, everything organic, or similar

Global Collapse Events – no more modern civilization to speak of
– global food-chain destruction
– global water supply destruction
– maybe strong AI? probably not (see Corporations)
– catastrophic climate change
– limited nuclear war
– major impactor
– blue goo – nanotech eats key resources
– super-plague (natural or engineered) – global, highly lethal
– hostile super-intelligence
– climate change – continental catastrophes

Political/National Collapse Events – no more country to speak of
– continental/regional water supply destruction
– continental/regional food-chain destruction
– minor impactor
– super storm
– civil war – open fighting at all levels; vertical divide(s)
– national / continental revolution – internal low-level and broad fighting against mid- and high-level
– coup – internal high-level take-over / replacement, existing systems replaced / dismantled
– dissolution – internal mid- or high-level obstruction / dismantling
– exodus – internal low-level and broad departure
– invasion – external take over
– maybe strong AI? probably not (see Corporations)
– grey- or blue-goo outbreak, contained at large scale
– super-plague (natural or engineered) – moderately lethal
– targeted-plague (engineered) – highly lethal
– climate change – regional catastrophes
– economic collapse
– hostile super-intelligence

Way-of-life Collapse – things just aren’t good
– unemployment
– poverty
– immorality
– oppression
– large-scale stealing
– corruption
– loss of the commons
– abandonment / left-behind
– infrastructure decay
– fossil fuel depletion
– super-plague (natural or engineered) – low- or non-lethal, but disruptive / disabling over long term
– climate change effects – local catastrophes, regional problems
– economic decay / descent
– coup – high-level take-over / replacement, existing systems left largely in place
– civil breakdown
– invasion – external attack
– conceptual exodus – internal low-level and broad disengagement (i.e. leaving, just not physically)
– regional / local revolution(s) – internal low-level and smaller-scale fighting against mid- and high-level

Indirect Issues – things that aren’t directly any of the above but will / may lead to one or more of them
– culture shift
– technology disruption
– strong AI
– corporations
– global isolation

Ideological Issues
– things that are working but that should be different / ought to be a particular way
– sub-optimal-but-sufficient things
– opportunities, potentially lost
– prioritization


What does an LMS offer? March 8, 2016

Posted by ficial in brain dump, Instructional Technology, LMS.

The spectrum of LMS use can be divided into three general realms: administrative, organizational, and pedagogical. Administrative functions fulfill needs relating to the non-academic overhead of giving and receiving an education: managing course enrollments, providing communication channels, collecting assignments, scheduling, etc. Organizational functions improve the management of information and resources related to instruction: providing access to information whenever it’s needed, placing information into useful, usable groups, searching available information, handling various formats, etc. Pedagogical functions expand and refine the tools that instructors and students can use in the teaching and learning process: asynchronous discussion forums, auto-graded quizzes with immediate feedback, limited-audience authoring experiences, collaborative creation projects, etc.

In the administrative realm, an LMS integrated with other campus information systems offers a clear improvement over doing things piecemeal and by hand. This gives a better experience for students and significantly helps instructors through greater reliability (and auditability), increased consistency of experience, reduced non-academic workload, fewer distractions, some automation, and enhanced versions of traditional tools. Making use of the administrative aspects of an LMS requires little to no work or input on the part of instructors or students; an LMS provides a large net gain in the administrative realm.

In the organizational realm, an LMS allows an instructor better control over how students receive their information for the course, more flexibility in adding, removing or rearranging information, a wider array of information that can be offered, the ability to front-load information management work (allowing more efficient use of time), and preservation of the information associated with the course. For students, an LMS offers a single place where course information can be found and processed, access to that information whenever it’s needed, and the presentation / arrangement of that information that the instructor has determined is most effective. For an instructor to make use of the organizational aspects of an LMS requires him or her to find or to provide information in an electronic format and to organize and to present that information using the tools in the LMS; for instructors an LMS typically provides somewhere from a small loss to a moderate gain in the organizational realm, depending on the information being managed and the instructor’s comfort with the tools. For a student, taking advantage of the organizational aspects of an LMS requires little to no work or input; for students an LMS provides a large net gain in the organizational realm.

In the pedagogical realm an LMS can offer tools and techniques that would otherwise be impossible or impractical. These can be subdivided into enabling technologies (such as the ability to deliver video, electronic slideshows, etc.), which allow an instructor or student to extrapolate traditional pedagogical methods into the digital world, and alternate technologies (such as asynchronous forums, virtual environments, instant assessment, etc.), which allow exploration of new pedagogical models. Making effective use of the pedagogical aspects of an LMS requires lots of hard work on the part of both instructors and students, but teaching and learning take a lot of hard work without an LMS as well; the net gain or loss in the pedagogical realm is highly situation-dependent, though an instructor would not invest the time in pursuing this use of an LMS in a particular situation unless he or she had a reasonable expectation of a net gain.

Specific functionality could fall into more than one realm, depending on how students and instructors apply it. While a given application could be assigned to a given realm, this realms concept might be more useful in a comparative role; e.g. posting a course reading is more pedagogical than posting a syllabus and more organizational than discussing the reading in a forum.

Due to its set of functionality in the administrative and organizational realms and to its integration with other campus infrastructure, an LMS is very useful for campus organizations and groups in addition to course-oriented academic purposes – ideally an LMS works well for organizations and groups.

Mastery levels of programming December 16, 2015

Posted by ficial in brain dump, techy.

Programming language and/or framework levels/stages of understanding/mastery:

  1. black box – little to no understanding
  2. code comprehension – can look at source code and understand what a given piece of code is doing
  3. code adjustment – can make small changes to source code to adjust existing behaviors
  4. program comprehension – can look at a collection of code and understand (roughly) what the program does and how it works
  5. program adjustment – can alter the behavior of the program as a whole
  6. program extension / code creation – can add new behavior to an existing program
  7. program creation – can write a new program from scratch
  8. code evaluation – can distinguish between good and bad code (and why)
  9. program evaluation – can distinguish between good and bad program design choices (and why)
  10. meta evaluation – can discern the areas/ways in which the language/framework is good and bad (and why)
  11. meta adjustment – can make changes to the language / framework
  12. meta creation – create new language / framework

Also, this is worth a read: https://www.reddit.com/r/math/comments/1mtian/mathematicians_of_reddit_is_there_some_point/cccitg2