[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [Dataloss] [ekmi] Re: fringe: Open source laptop tracking
While I agree with you, Allen, I think its too late for that. Don't Google, Yahoo, MSN, etc. have all this information already? Didn't Yahoo already turn over one dissident to the Chinese government already? (Aren't we all being tagged on this conversation already? :-) ) Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Allen" <netsecurity@sound-by-design.com> To: "Arshad Noor" <arshad.noor@strongauth.com> Cc: "Matthew Rosenquist" <matthew.rosenquist@intel.com>, "security curmudgeon" <jericho@attrition.org>, ST-ISC@MAIL.ABANET.ORG, "ekmi" <ekmi@lists.oasis-open.org>, dataloss@attrition.org, "brian honan" <brian.honan@bhconsulting.ie>, "Brian Krebs" <Brian.Krebs@washingtonpost.com> Sent: Thursday, July 17, 2008 11:24:06 AM (GMT-0800) America/Los_Angeles Subject: Re: [Dataloss] [ekmi] Re: fringe: Open source laptop tracking Hi Gang, There is another issue in all this that is being neglected - the constant flow of data to a server somewhere about the activities of the person with the tracking software installed. It seems to me that we are putting leashes on ourselves to gain some minor "security" about the theft of our laptops. > Once downloaded onto a laptop, the software starts anonymously sending encrypted notes about the computer’s whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, a free storage service called OpenDHT. If I understand this correctly, data about your presence is saved (for how long?) on a server (that is controlled by whom?) in an encrypted form (how good is the encryption?) that can be use later to trace where the computer was the last time it was connected to the internet, or, perhaps, the next time it is connected to the internet. I see two serious privacy issues with this, data retention, and potential real-time tracking. Remember, the Gestapo used the Hollerith cards from the censuses of 1933 and 1939 to assist in rounding up Jews for the Holocaust. There is not a huge difference between that use of technology and the potential for its abuse today. I don't want to get into the politics of how this might come to be, but rather focus on the potential risks. After all there has already been on attempt to create military overthrow of our government during the chaos of the Depression years so the possibility can not be total ignored. (See retired Marine Corps Major General Smedley Butler's history for details) It seems to me as security professionals we owe a duty to not only see that what we propose works as intended, but in addition, it can not easily be subverted to work against the best interests of our society.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]