Skip to main content

I've been a bit swamped this week, so I've missed out on most of the NSA/Verizon wiretapping/PRISM brouhaha.

I'm sure many others have made similar (or the same) point that I'm about to, but screw it; if I'm repeating something, so be it.

In addition to being a website developer, I also provide website hosting services for most of my clients. I prefer that my clients use my hosting service, partly for obvious business revenue purposes, but mostly for consistency; I know exactly how my servers are set up and configured, what parameters/capabilities they have and so on. I don't have to worry about installing a script that requires PHP 5.3 on a clients' site only to find out that their server only has PHP 5.2, and so on.

This also means that most of my clients host their email services through me as well.

Now, let me be clear about this: I have never spied on my clients email, and I never would. Not only would doing so destroy my reputation, lose my clients and almost certainly be illegal (which I realize is also one of the major points of contention wrt the NSA controversy)...quite frankly, it would be boring as hell for the most part.

I have no interest in knowing how many widgets this or that client produced last quarter, or whether they're having some sort of legal spat with one of their own customers (unless the dispute involved a problem with the website functionality, of course), any more than they give a crap about my own internal goings-on.

However, all of that is besides the larger point, which is this:

I could do so if I really wanted to.

I know this may sound pretty obvious, but the following conversation has occurred between a client and myself on more than one occasion:

Client: "Hi, I'm having problems with my email account."

Me: "Have you tried...(laundry list of possible culprits, ranging from their actual internet connection being down, to the server's security setting blocking their IP address due to them mis-entering their password too often and a number of other common causes)?"

Client: "Yes, I've tried everything."

Me: "Hmmm...ok, well, once in a blue moon I've run into a situation where a large, corrupt file attachment will gum up a clients' email account. To check for this, I'd have to take a look at the actual messages in your inbox on the server. Do I have your permission to do so in this instance?"

Client: "Sure, I guess so...but I don't remember my password."

Me: "That's OK, I have it right here."

Client: " do??"

Me: "Uh, yes...I'm the one who created your password for you in the first place, remember?"

Client: "Oh...right. I forgot."

See, that's the thing--they often completely forget that if I actually wanted to--in spite of how stupid, pointless and self-damaging it would be to do so--I could read their mail anytime I wanted to. In fact, I don't even really need their password to do so; with root access to the server, I could simply view the raw email message files directly.

And, of course, even though I don't spy on my clients, there's always the outside possibility that someone at the actual hosting service itself is (although they, too, have a policy against doing so without the express permission of the client). And even though they don't either, who the hell knows what's going on at the ISP or hosting service of whoever sent the email to them (or received it from them)?


For all the screaming people do about Facebook's ever-changing, never-certain "privacy policies", the truth is that ultimately it doesn't really matter what their official "policy" is; there's still plenty of people who work there who could, if they really wanted to, spy on your account any time they wanted to. Perhaps they'd be fired and/or charged, or perhaps they wouldn't...but that wouldn't change the fact that they could do so before getting busted.

You know how Facebook has a strict policy about what photos you're allowed to upload and which ones you can't, due to them violating their terms of service (or being flat-out illegal, like child porn)? Have you ever wondered just how they actually enforce that policy? Guess what: Every time you upload a photo to Facebook, whether it's a pic of your kid playing soccer or your college roommate lying passed-out on the bathroom floor, there's the distinct possibility that a complete stranger somewhere in Turkey, the Philippines, Mexico or India is taking a look at it for $1 per hour in order to decide whether it's OK to post in your gallery or not.

It doesn't matter whether your Facebook "privacy" settings are open, friends only, or locked down to just yourself--someone halfway around the world is checking out your "selfies" to make sure it isn't something especially revolting or illegal.

It's the same thing with Comcast, TW/RoadRunner, Wide Open West, Verizon (obviously), AT&T, T-Mobile, Sprint...all of them. Apple, Twitter, Google...doesn't really matter. No matter what they claim that their policies are about privacy and access, the fact remains that the moment you post something online, whether it's an email, text message, tweet, Facebook post or comment, photo or other file upload, or even a fax (plenty of people still using these, believe it or not)...the moment that you transmit any sort of data electronically, someone not only has the ability to access it, but can usually duplicate it and store it elsewhere.

Hell, check out this 3-year old story from CBS News about the terabytes of sensitive data stored on old copiers that most people don't even realize store:

That's right--think about how many times you might have had a copy made of your driver's license, social security card, medical records, school transcripts, etc. on a copier at Kinko's or wherever without thinking about it. It's all there, somewhere.

Deleting your emails doesn't mean that the recipient deleted their copy, and even if they did, it's always possible that any number of other people along the chain could have nabbed a copy of it as well.

The truth is, the main reason why this is unlikely to be the case in most situation isn't because of technical inability or for legal reasons--it's because, quite frankly, in the vast majority of cases, no one gives a crap.

Seriously, there's so many terabytes of mundane, everyday flotsam & jetsam floating through the internet at any given moment that 99.999% of it is utterly meaningless to anyone other than the sender and recipient (and in some cases, perhaps not even them).

On the other hand, it's also astonishing to me how many people willingly post the most incredibly personal information about themselves openly and publicly on Facebook etc. every day, without giving it a second thought.

When my wife and I found out we were expecting our child, we didn't tell a soul outside of her doctor and our parents--who we swore to secrecy--for the first trimester. Why? Because the first trimester is when you're at the biggest risk of miscarriage. This is one of the most personal experiences either of you is going through, and some things are just for you and your partner alone. Once you're reasonably out of the woods, of course, tell family, friends and so on...but play it close to the chest for awhile.

However, I have friends who've actually posted their ultrasounds publicly as early as 6 weeks into the pregnancy. I know people who've discussed their suspicion--suspicion, mind you--of their partner possibly cheating on them in an open Facebook forum. For that matter, I've known people to brag about cheating on Facebook.

None of this has anything to do with whether the revelations about the NSA accessing gobs of private citizen data mean, legally, Constitutionally, or even ethically or morally. I'm just saying that, when it comes to data privacy, for good or for bad, the train left that station a long time ago.

I've been posting on dKos for nearly 10 years, including hundreds of diaries and thousands of comments. Some of what I've written would sound horrifying out of context, and some of it sounds pretty bad even in context. And it's all out there. Even if Kos were to get taken down tonight and their entire database and backup files were wiped...Google would still have a cached version of much of the content, as would anyone else who happened to save a copy of those posts before the wipe.

I don't think I'll ever be able to run for public office, since even the most basic opposition research (ie, a Google search) would turn up all sorts of material to hit me with.

I don't regret just about anything I've written (ok, there's probably a few exceptions). For the most part, I meant what I've said. However, I'm sure I've lost clients because of some of this (though I wouldn't know if this is the case, since presumably they would reject becoming a client of mine before even calling or writing me). Then again, I believe I've picked up one or two clients because of my rantings as well, so it's probably a wash in the end.

Does all of this mean that you should just give out your SSN and passwords to the world? Of course not. Locking your doors and enabling an alarm system at night isn't going to stop someone who's truly intent on breaking into your house from doing so--but it will certainly prevent anyone except a hard-core burglar from doing so.

Bottom line: Any time--ANY time--that you post ANYTHING online, from a snarky quip to a business email to your credit card or social security number, be advised that there's ALWAYS the possibility that someone, somewhere has access to it who shouldn't, even if it's not the case intentionally.

Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags


More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  It's like trying to hide an elephant in your (5+ / 0-)

    closet, some part always sticks out.  So much data is restricted that it can't be real and there are on the other hand many people who have access to this data.  Look at Mr. Manning he did not have a high rank but was able to release 700,000 documents.  It just boggles the mind to think of the useless stuff under restriction by the powers that be and it won't work, there's too much stuff and too many people have access to it, so why not all of us?  It seems like there is no standard for restriction just when in doubt restrict.

  •  Yup (15+ / 0-)

    I don't want to take this too far, as I am genuinely pissed off about all this NSA stuff, best I can tell, the call metadata and similar email stuff has been mined, bought and sold by google and all the telephone companies for years.

    I mean this literally.  Admittedly, google can't charge me with treason (yet), but they automatically read all my Gmails and create stupid fucking ads based on them (which seem to center on night vision goggles and ballet clothing--I don't understand either).

    Given the way things work, I am genuinely not sure if I would rather have the government or big business having all this info on me...but I have long known that my digital life is a product being bought and sold among large corporations.

    "Empty vessels make the loudest sound, they have the least wit and are the greatest blabbers" Plato

    by Empty Vessel on Sun Jun 09, 2013 at 06:22:34 PM PDT

  •  Big Data (15+ / 0-)

    Big Data is the latest buzzword in technology circles.  I attended a conference a few weeks ago, attended by technology leaders from all of the F500 companies.  Here are three examples I heard in that conference:

    1. The McDonalds app (why anyone would download it is beyond my comprehension) is tracking people's commutes to and from work.  If it sees you are running late, it will push you an instant coupon for an egg mcmuffin.  True story.

    2. The Sierra Club is considering teaming up with REI or other major retailers to put air and water sensors into clothing.  Think fly fishing in montana with boots that collect water consistency data as you fish and send it to a massive Sierra Club database.  That's great right?  Climate change in a nutshell.  Except for the fact that you willingly sacrificed your own privacy for the cause.

    3. Target knew a 16 year old was pregnant before her own father, based on high-powered analytics on purchasing data.  True story, look it up.

    Microsoft is advertising 10X the processing capability in the latest version of SQL server.  The only remaining barriers to 1984-style information analytics are falling quickly by the wayside.

    It's not so much about email passwords.  It's about Big Data.  The fact that people are concerned about the NSA spying tells me that, frankly, they are idiots.  Corporate America is waaaaay beyond what the NSA is doing already, and it is advancing quickly with the help of Big Tech.

    Blind Faith in Empty Language is Not Patriotism

    by ColdFusion04 on Sun Jun 09, 2013 at 06:24:19 PM PDT

    •  My Shorter Way of Putting It: (5+ / 0-)

      privacy is a physical impossibility.

      There is no way consistent with ordinary common sense and our system of government for people to know or verify what is and isn't being done with data about them.

      We are called to speak for the weak, for the voiceless, for victims of our nation and for those it calls enemy.... --ML King "Beyond Vietnam"

      by Gooserock on Sun Jun 09, 2013 at 06:32:21 PM PDT

      [ Parent ]

      •  I somewhat disagree, with a few simple rules (7+ / 0-)

        1. Stay off Facebook.
        2. Stay off Twitter.
        3. Stay off Linkedin.
        4. Turn off location tracking on your smartphone, and never ever agree to allow it.

        Those four things will go a long way to keeping you off the big data grid.

        Blind Faith in Empty Language is Not Patriotism

        by ColdFusion04 on Sun Jun 09, 2013 at 06:36:04 PM PDT

        [ Parent ]

        •  To Clarify - (0+ / 0-)

          There is certainly a lot of other data about you that is available, but the above 4 that I listed are currently the focus of most Big Data initiatives.

          Blind Faith in Empty Language is Not Patriotism

          by ColdFusion04 on Sun Jun 09, 2013 at 06:38:54 PM PDT

          [ Parent ]

          •  what absolute nonsense (0+ / 0-)

            you're way out of your depth here CF04.

            Consumer credit-card transactions occur at the rate of upwards of 200 000 per second.

            THIS is where the money is. Of course FB, LI etc. are mining data, but to claim that this is the "focus of most Big Data initiatives" is just wrong unless you preface that with a whole bunch of definitions of exactly what you mean. I suspect in your case you just need to copy-paste from the PPT slides of the conference you were at. I get the impression that some of this stuff went over your head

        •  I Meet All Conditions But I Must Maintain a Web (3+ / 0-)
          Recommended by:
          dizzydean, gramofsam1, DRo

          site for my biz. Because I comment here, I'm in the grid and associated with my biz.

          Our system was not premised on the average reasonable man needing to drop out of the mainstream public square in order to have privacy.

          Of course, it also was not premised on the economy of its own time, it was a hundred years out of date when it was built.

          We are called to speak for the weak, for the voiceless, for victims of our nation and for those it calls enemy.... --ML King "Beyond Vietnam"

          by Gooserock on Sun Jun 09, 2013 at 06:46:59 PM PDT

          [ Parent ]

        •  I meet all 4 criteria. I don't even have a (2+ / 0-)
          Recommended by:
          cotterperson, dizzydean

          smartphone - don't need one.  Have a 'regular' cell phone and turned off the tracking on it.  Also turned off access to the data functions as well, so I don't accidently press the key to the data functions and incur data fees since the plan doesn't include data service.

        •  no they won't (0+ / 0-)

          most data is gathered from:

          1) web-browsing behavior (cookie-based clickstream tracking)

          3) grocery checkouts - every item you buy is a data-point for a)store b)credit-card co. c)manufacturer of the item

          2) credit-card transactions in general - restaurant, auto-repair, etc.

      •  many of you are descriging it in ways that (0+ / 0-)

        thats a false frame

        you aren't even using the definition of privacy

        You are coming up with an absurd standard where if someone wants to have protections in place they are being unrealistic

        here's just one example- i the government wants information on people, they can always do so through going to court and asking for hte right if a set of circumstances are met

        That limits the access enough to balance privacy with the need for security

        its not either or and these statements about privacy are just false frames

    •  What your coment tells me is the arrogance (1+ / 0-)
      Recommended by:
      Richard Lyon

      of ignorance is not limited to the people you choose to judge

      There are attempts right now to regulate everything you describe from self regulatory approach like "do not track" lists to comphrensive approaches being pushed (but blocked by corporate forces) in the EU

      This simple minded notion that you either accept the fact that all your data is now public (something pushed by Facebook types) or none of it is is absurd

      The real questions are far  more complicated

      Or to put it the way I once heard- there's a lot of terrain between having your skirt up over your neck and having it down below your feet.

    •  "My daughter got this in the mail!" -re: #3 Target (3+ / 0-)
      Recommended by:
      DRo, 207wickedgood, wilderness voice

      not only predicted it, but outed her by sending coupons for baby furiture to her home

      Target says they became so in tune with their consumers based on their spending habits, their next focus had to be on masking the obviousness in their work.

      'If we send someone a catalogue and say, ‘Congratulations on your first child!’ and they’ve never told us they’re pregnant, that’s going to make some people uncomfortable,' Andrew Pole, a statistician with Target told the New York Times' Charles Duhigg.

      The effort was to avoid a creeped out, stalker-like feeling from their targeted customers.

      (my emphasis)
    •  Amen (2+ / 0-)
      Recommended by:
      CA Nana, nchristine
      Corporate America is waaaaay beyond what the NSA is doing already, and it is advancing quickly with the help of Big Tech.
      I wish more people were concerned with this.  As far as I know the government has never misused data about me.  But I am certain of a number of corporations who have (credit reports, anyone?) and am aware that an army of them have gathered, sold and re-sold personal information for their profit, not mine.  And I have no say in the matter.

      Be the change you want to see in the world. -Gandhi

      by DRo on Mon Jun 10, 2013 at 04:59:36 AM PDT

      [ Parent ]

    •  wrong in so many ways let's try to count (0+ / 0-)

      Big Data isn't the "latest" by a long shot. It's so old every major software vendor has had BD "missions" long enough to have failed on some of them.

      Tech leaders of all F500 companies? Care to name the conference? I'll warrant this isn't true - it's an extremely rare conference that will get ALL the F500 CTOs.

      What's this "Big Tech" you're talking about? Did you make that up?

      What's your evidence that corporations are "waaaay" ahead of NSA?

      "The only remaining barriers to 1984-style information analytics are falling quickly by the wayside."  -care to support this jawdropping incredibly sweeping statement?

  •  I first went online I assumed (4+ / 0-)

    that every site visited and every word posted was being stored somewhere. The safest course in an electronic Panopticon, is to keep your head down,

     or off the grid.

    "The human eye is a wonderful device. With a little effort, it can fail to see even the most glaring injustice." Richard K. Morgan

    by sceptical observer on Sun Jun 09, 2013 at 06:36:43 PM PDT

  •  I get some very useful services from Google. (3+ / 0-)
    Recommended by:
    bruh1, Another Grizzle, nchristine

    I am fully aware that in using them I am putting various personal information out where it can be picked up and perhaps abused. I am in a position to make some fairly rational decisions about trade offs. If I think that Google has breached its responsibilities to me I do have some legal recourse.

    When it comes to the US government I am in a much more powerless position. I don't give my consent for them to collect information. They claim to be doing it for my own good, but I'm not allowed to know what they think they have accomplished in specific terms. Today's revelations from Edward Snowdon give the impression that their security arrangements are particularly lax.

    Yes there is no such thing as total privacy as soon as you tell something to another person. But, that doesn't mean that there is no reason to be concerned about government abuses.  

  •  You are right about the tech. Wrong about the law. (5+ / 0-)

    Broadly speaking, i won't get into the tech. I will talk about the legal end.

    While you may have access the data on your clients server, legally you can't do whateveryou want to with that access.

    The law limits your ability to do so without a number of steps being in place to protect your clients from your actions.

    Some of these are asa a result of federal law, but some are state laws. And if you deal with clients from abroad, there are likely to be more strigent laws in the EU

    That's not even getting into the various self regulatory regimes like PCI compliance.

    Facebook tried to do what you describe a few years back and were hit with a case from the FTC

    More than that, there are other considerations- the privacy policy that you say means nothing is actually the source of not only regulatory compliance issues, but also contract law and other standards

    All of this adds up to a transparency that while not great is nothing approaching what is being described with the NSA.

    The problem there is no merely their access. Its the fact there are no limits on what they can do with the data. We have no checkes, no opt in or out, no full disclosure, etc.

  •   this is a very interesting diary. (0+ / 0-)

    I just wrote something about this same subject, and yes, I am pimping my diary, “ A spy–free zone”.

    I think that establishing protected zones personally may be part of the solution. I plan to do so, and if possible more and more often. I know that people hate to be separated from their cell phones, but they're just going to have to get used to it around me. And this also means that I won't answer all of the calls that I get; to that all I can say is “tough breaks”.

    Focus on the love! The Republicans can keep the disco.

    by Mr Horrible on Sun Jun 09, 2013 at 06:41:23 PM PDT

  •  Holy crap, facebook is actually proactive about (1+ / 0-)
    Recommended by:

    that sort of thing?

    Last time I was paying attention, back in the usenet era, everyone was as hands-off as possible, and it took someone actually notifying the hosting ISP to complain about a copyright violation or illegal image for it to be removed.

    •  Well, again, officially they say they only do this (0+ / 0-)

      ...if someone does complain...but that's all it takes, and there's nothing technically preventing them from sending uploaded pics to whoever they want to for review, regardless of whether anyone complained or not.

      Again, the sheer volume of photos (over 300 MILLION per day) means that it's quite simply not physically possible for the FB staff to review every single one...and again, like most of the other data flying around, most of it they don't really care about. The point is that there's absolutely nothing technically preventing them from doing so, regardless of what laws are in place.

      Doesn't mean we shouldn't have the laws, of course.

  •  My thoughts (3+ / 0-)
    Recommended by:
    Brainwrap, nchristine, fou

    Lots of good points in this diary. Here's some ideas that have been going around in my head the past few days, and this is as good a chance I've gotten so far to type them.

    I've had a cell phone for 12 years. I've never been a big cell phone user. With only a couple of exceptions, my cell phone conversations have been strictly business. The reason is simple; when a conversation goes out over the air waves, there's no way I'll consider it secure.

    I've been a major email user for a lot longer. I've known from day 1 that any email you send or receive goes through several computers on the way. Passwords or credit card #'s in emails? I try to avoid doing it, but realistically, a snooper trying to fish one out would be looking for a very small needle in a very large haystack.

    For a while, I was using SSH to transfer mail to and from the mail server and the computer on my desktop. This makes one link of the chain secure. I switched over to SSL. For a while, I was trying to convince a few of my email correspondents to use PGP, but this requires PGP to be installed on both ends, and this goes beyond the technical ability of most people.

    As I said, sniffing sensitive info out of an email in transit is hard to do. Archiving of emails and traffic to and from web sites is a different matter. I don't like the idea of anybody being able to look at an email I sent or received five years ago. You shouldn't like it, either. It's entirely appropriate for civil libertarians to insist that there be a time limit on the archives.

  •  Anyone with the proper admin access can (3+ / 0-)
    Recommended by:
    Brainwrap, dizzydean, nchristine

    read each and every one of our private Kosmail here at DKos if they want to.

    It's all in a database, and all they have to do is look.

    I'd like to start a new meme: "No means no" is a misnomer. It should be "Only 'Yes' means yes." Just because someone doesn't say "No" doesn't mean they've given consent. If she didn't say "Yes", there is no consent.

    by second gen on Sun Jun 09, 2013 at 08:08:18 PM PDT

  •  As I've been saying for years, (6+ / 0-)

    regardless of any current feelings or beliefs about it, in the near future virtually all of our doings will indeed be recorded, stored and analyzed by multiple private and public entities.  There will be both positive and negative results.  My hope is that eventually the radical transparency will allow us to move to a much more rational and humanitarian way of being as a species, although given human history I recognize that this is more optimistic than is probably warranted.

  •  what ever happened to the double-blind password? (0+ / 0-)

    in which the user is forced to reset the password on first use, and said password stored in (theoretical) one-way hash?

    The simple fact that you know any customer's password is enough to allow the (reasonable) assumption that eavesdropping is possible (regardless of whether you do it or not).

    The risk with actually knowing the password is that one could log-on with exactly that password and masquerade as that user in every way possible.

    You not knowing that password would actually be better for you than it is for them.

    •  If you have admin rights you can reset the (1+ / 0-)
      Recommended by:

      password, go in to do whatever you want, and then when the original intended user tries to get into their account, they generally just think that they've mistyped the password, or forgot what it was (particularly if they have to change it pretty often), they just call up the admin for a reset....

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site