The Curmudgeonly Trainer

Here is the email I sent to the trdev discussion group that is referred to in the email sent to me by Kobus Kroger banning me from the group. His comments can be viewed in the banning email here.

I present it exactly as written, except for some highlighting. Note that this was never distributed since the moderators censor at times.

Subject:

A day or two ago, Bev posted her reasoning regarding taking protectived measures on the list, such as keeping the archives hidden, and so on. I started wondering about the usefulness of such techniques, so I decided to try a little test.

(the relevance here applies to those that teach aspects of the internet, develop policies, run lists, and for individual users, it will be obvious).

My reasoning was: Given a person who is way above average in her technical skills, and who is a lot more cautious and safety concerned in her internet use, what could a person find out about her on the
net in about 30 minutes. Given that Bev is the prime mover of TWO professional discussion list policies restricting access to those lists, I’d expect the result would be she’d be pretty hard to track.

So, I tried. Now, I’m not going to provide any details here, and neither am I going to ask Bev to comment on the accuracy, because that’d be inappropriate. What I “found” out is almost certainly not
perfect, and in a short time I couldn’t confirm some of it (if Iworked at it I could.) I used nothing but a browser, used no trickery or technical tricks and did nothing illegal or unethical.

So how protected can one be?

Answer. While I could see Bev took special care to protect herself, it all came to nothing. What I found (probably accurate to a degree):
her address and zipcode
appears to live on a corner lot
has a grey roof on the dwelling and looks like a tree on one side
appears to have some gardening space in the backyard
found her website and blog, largely abandoned
discovered some information about religious background (i think)
her age
places/states she lived in previously (probably)
possible information about her ethnic heritage and ancestry
other email addresses not public

(I also found, but did not include these in the email)
several places at which she took university courses, plus at least on place she worked and her initial job title
…there’s probably more. This is spending no money, and virtually no time, and looking at someone who is trying to protect.

If I wanted to spend about five bucks, I could also have checked legal records (was she ever busted), court proceedings (ever bankrupt, had a mortgage foreclosed), and on and on (I’ve never done that, but I understand it is easy.

So, this confirms what I expected. The ONLY way to protect against spam, and your privacy is a) NEVER use the Internet (don’t send email even private), or b) use anonymous mail everytime for your entire life, since even ONE slip can result in the ability for someone to jigsaw puzzle things together.

NO list policy makes a difference. The fact that Bev indicated elsewhere that she receives 200 spam messages a day should make that obvious. All security does is make it harder for legit people to use
a service, or contact you (if you are a business).

I haven’t even touched on the issue of how mail packets can be intercepted, social engineering can be used, passwords broken, keystroke loggers, phishing and trojans used, etc. Those fall into “malevolent hacking” that require know how I sure don’t have.

If I can find out so much personal stuff about a person who is trying not to be easily found, using simply a browser, what does that say about trying to protect lists and users.

The reality is, you can’t. It doesn’t work. There are better ways and education is one of them, hence this message.

If you are not permanently and completely anonymous re: your email addresses, email content, etc, forever, you can be tracked, found and found out about.

If you do a little to be more secure you are deluding yourself, since that stuff makes almost NO difference.