[ExI] inernet whiffenpoof, was: RE: Tracking your internet browsing

Sun Oct 27 13:59:21 UTC 2013

On Fri, Oct 25, 2013 at 10:04:39PM -0400, Mike Dougherty wrote:

> I don't think it matters enough to be worth the effort.

I entirely disagree. If you roll over before even giving a fight
it's only going to keep getting worse and worse. 

> It isn't about the search history in your browser.  Your ISP is spying on
> you.  They keep their own history.  Your shops are keeping their own

Exactly. Which is why anonymizing networks like Tor are only the
first step towards P2P infrastructure where the only cleartext
content comes from localhost, and none of that from anyone's
else's single localhost. The cleartext coalesces from a number
of globally sourced cyphertext streams, from opaque blobs
which do not have a fixed count and location.

Of course, that only makes sense when you can trust your own
system, which rules out proprietary software and hardware, and
only leaves open source hardware and open source software
*formally proven secure*. We're pretty far from that, but we
can be there in less a decade, if we set our minds to it.

> history.  Your government is keeping everyone's history.

Not everyone's. Some people have no history at all by way
of low-tech, yet others are taking the high-tech protection
route.

> Even simple narrow AI could examine the stream of data your script

A simple narrow AI can't break encryption. 

> (proposed, above) is generating and see the pattern over time.  Anything
> searched/requested from outside that stream would be human-generated.  In
> the case of allowing your friends to impersonate you, there is either
> "guilty by association" or an outright violation of terms of service ("you
> will keep your account/passwords secure")
> 
> I want to be more optimistic.  I'd like to believe that everyday people's

No. You should be as pessimistic as you can possibly be, and then multiply
that by considering unknown unknowns, including future unknown unknowns.

> everyday data isn't incriminating.  I want to assume that a large enough

Beria's motto was "show me the man and I show you the crime". We already
have enough law load that any person is commiting enough laws to bring
him into trouble, which is the whole point of harassment by selective
enforcement. Plus, people who know they're watched are going to behave
differently. 

> net catches everyone's weirdest interests and that my profile is simply
> lost in the crowd.  However, I've worked with big [-enough] data to also

Nothing is ever lost, given the limits of what can be stored. The only 
question is what kind of future query will light up your database slot.
Given that you're not clairvoyant, the only rational choice should be:
stop this practice (jail the offenders, defund the agencies, fire
your political representatives and keep firing them until you get 
these who can get it right) and until that happens leave as few
data trails as possible.

> suspect that there aren't enough people/profiles on earth for the crowd to
> be large enough to be lost among.

The whole model is wrong. A live redundant PByte storage is just a single rack.
The price point is small enough that you can add storage faster than
users can generate it. EByte/facility is easily doable, and there
can be several such. There are maybe 5 Gmonkeys who have a data trail,
and maybe 2 who have a significant data trail, so do the math.