[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: www.WhoWhere.com selling access to my employer's passwd file



On Sat, 27 Apr 1996, Rich Graves wrote:

> On Sat, 27 Apr 1996, Black Unicorn wrote:

> > [Unicorn of Color:]
> > I think you took my comment in a smaller scope than it was intended.
> > 
> > Use a nym.  If you want absolute privacy, work and study under a nym.
> > It's hardly difficult, you just have to start early.
> 
> I disagree that it's "hardly difficult" for most normal people. There are
> bits and pieces of helpful information around, but they tend to be in
> tax-protester-type rags that also contain a lot of loony stuff guaranteed
> to land you in jail. And many of them are just snake oil scams themselves.
> You know the difference, but I'm only starting to learn to, and Joe Schmo
> hasn't a chance.

It's an informational issue, not a logistical problem.  This much is true.

But think of it this way.  Joe Blow's house burns down, taking with it all
his documentation.  Even Joe Blow has to be able to replace it all even
with no credentials.  So what makes you and Joe Blow distinct when you're
standing in line to get those credentials?  That should give you some idea
of the (lack of) difficulty.

> 
> Anyway, I can't work for an organization like Stanford University without
> a real name and Social Security number.

I challenge this assumption.

> In theory, I suppose, that real
> name and Social Security number don't need to be the only ones I have.

Precisely.
 
> > Depending on someone else (university, employer, government,
> > phonecompany etc.) to protect data for you is, in my view, foolish.
> 
> In this case, I am the "someone else." How do I behave responsibly when I
> have thousands of people coming in every Fall with no clue about privacy
> issues?

[...]

> It was an uphill battle just to delink identity, location, and DNS
> registration. It used to be that you could pinpoint a student's name,
> address, and telephone number by their personal computer's static IP
> address. They weren't even told that this was possible. On yesterday's
> lovey-dovey research/educational Internet where everybody trusted
> everybody else, it was just more efficient for troubleshooters and system
> administrators to know where everybody was. Now, it's a scarier world, and
> we all know that, but it's tough convincing people to change a system that
> works. 

I applaud your efforts, but the 'one good administrator' can only do so
much.  In the end if people want privacy they have to work for it
themselves.  The goal in my view is to promote an atmosphere where that
kind of self-insurance is possible, not one that puts the responsibility
in the hands of government, or the system administrator.

> My personal choice has been (near-) complete openness, because I
> ironically feel more secure if it is trivial for certain very specific
> nutcases to verify that I pose no threat to them. I do not wish my enemies
> to be paranoid. Paranoid people break things.

The nice thing about paranoids, and other privacy invaders, is that when
they have an answer to a question they usually stop looking.  Provide them
with an answer.

---
My preferred and soon to be permanent e-mail address:[email protected]
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: [email protected]