DonationCoder.com Software > Finished Programs
DONE: perform random URL queries (Random Submitter)
Scott:
His objections begin: One, it doesn't hide your searches. Well, that's a "No shit, Sherlock" statement, if I've ever seen one. If you're searching for "al Qaeda recruitment centers," as Schneier uses as an example, I hope you are targeted. I think of things like TrackMeNot and Random Submitter as being for those of us who don't have a legitimate reason for DHS to knock on our doors.
Who the hell ever said this idea was designed to hide genuinely nefarious activity? The whole premise of that angle is idiotic.
Then he says Two, it's too easy to spot. There are only 1,673 search terms in the program's dictionary. Well, my Random Submitter word list is many times that size.
Then, he says In any case, every twelve seconds -- exactly -- the program picks a random pair of words and sends it to either AOL, Yahoo, MSN, or Google. I run Random Submitter from a command script. Everything is randomized... How many instances launch, what search engines are used, and even the submission interval within each instance.
Then, he says Three, some of the program's searches are worse than yours. This is true--as I pointed out above, the default TrackMeNot word list contains really idiotic words to search on. You have to sift through whatever list you'll be using, and remove crap like that.
Then, he says And four, it wastes a whole lot of bandwidth. This may be true; I admittedly never worried too much about it.
Then, he says I suppose this kind of thing would stop someone who has a paper printout of your searches and is looking through them manually, but it's not going to hamper computer analysis very much. Or anyone who isn't lazy. But it wouldn't be hard for a computer profiling program to ignore these searches. If you work a bit harder to randomize the submission intervals, I think this argument is quite mitigated.
He quotes another self-appointed security god, who says:
Imagine a cop pulls you over for speeding. As he approaches, you realize you left your wallet at home. Without your driver's license, you could be in a lot of trouble. When he approaches, you roll down your window and shout. "Hello Officer! I don't have insurance on this vehicle! This car is stolen! I have weed in my glovebox! I don't have my driver's license! I just hit an old lady minutes ago! I've been running stop lights all morning! I have a dead body in my trunk! This car doesn't pass the emissions tests! I'm not allowed to drive because I am under house arrest! My gas tank runs on the blood of children!" You stop to catch a breath, confident you have supplied so much information to the cop that you can't possibly be caught for not having your license now.
--- End quote ---
This argument relies on the search queries containing incriminating terms--but as I mentioned, you need to remove words like "mailbombs", "assassinate", and "rape" from your word list.
His suggested improvements are good, though:
If I were going to improve on this idea, I would make the plugin watch the user's search patterns. I would make it send queries only to the search engines the user does, only when he is actually online doing things. I would randomize the timing. And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages. And I would make it send queries in the form the user tends to use, whether it be single words, pairs of words, or whatever.
--- End quote ---
Random Submitter already allows you to do some of these things.
He suggests using something like BlackBoxSearch.com instead. But ... who runs that web site? Why should I trust them? Is it actually run by the DHS? Do they log queries (regardless of whether they admit it or not)? Could they not have a massive data leak? Could their logs be subpoenaed or lost?
The bottom line, for me, is that if you take a bit of time to make it work, you can bury your real searches.
app103:
I was helping someone dig up some stuff for a school assignment, where he has to give a presentation about Google and privacy issues, and came across this thread.
If we all are tainting the database with bogus searches using all the red flagged bad keywords, then they wouldn't know who is really doing searches for this stuff and who isn't.
I think the purpose of it isn't really to hide your searches in the mess of bogus ones as to make the data unreliable to find people that really search for this stuff.
If Google ever complied with an order to turn over the IP's of everyone searching for anything bomb related and if half of everyone that uses Google was running something that submitted a search that matched, then half of all Google users would have their IP in that list...and it would be obvious that the data couldn't be trusted, and therefore tossed out as being useless.
I think that is the point of using bad keywords. The likelihood of the government wanting any result data would be more for those keywords first...and if they succeed with that, then they move on to other keywords...which has a higher privacy concern for ordinary people.
Screw up the data for the bad words and you send the message that the data can't be trusted ever...for any keywords.
Scott:
I think the purpose of it isn't really to hide your searches in the mess of bogus ones as to make the data unreliable to find people that really search for this stuff.-app103 (July 12, 2007, 12:37 AM)
--- End quote ---
They aren't mutually-exclusive ends.
If Google ever complied with an order to turn over the IP's of everyone searching for anything bomb related and if half of everyone that uses Google was running something that submitted a search that matched, then half of all Google users would have their IP in that list...and it would be obvious that the data couldn't be trusted, and therefore tossed out as being useless.-app103
--- End quote ---
Or, the number of people searching for bomb-making materials and such would still be low enough that the government could make your life a living hell if they decided to. Because surely, nowhere near half of Google users are searching for that kind of thing.
app103:
But if these tools became a lot more widely used, it would cause what I would call a 'Halloween Effect"
If you were going on a 'witch hunt' for 'real witches' and assumed that all 'real witches' wore 'tall black hats and capes'...what would be the one day of the year that you wouldn't want to go hunting? Halloween.
You would end up rounding up so many innocent people in costume, that you'd be wasting your time.
The goal of these bogus searches for 'bomb making' stuff is to make every day Halloween by dressing up everyone as a 'terrorist'. If it is done right and the government knows so many people do this then how reliable are they going to think any of the data is?
Scott:
But if these tools became a lot more widely used, it would cause what I would call a 'Halloween Effect"-app103 (July 12, 2007, 12:58 AM)
--- End quote ---
I completely understand that, and what I am saying is that I'm not about to be a "pioneer" who goes out in a witch costume! I'm not big on being burned at the stake while waiting for everyone else to catch on. :)
You make a good point, though.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version