My personal blog
Powered by Twitter Tools
There are quite a lot white papers about security on software level. You know, all those situations when an attacker sends some information not in the format expected by the software, and the latter fails; or passing some pieces of code in the registration form in places not intended for that and ending up with executing this code, or similar issues.
There are much less works describing security of some existing and popular Web 2.0 services (Facebook, Flickr, Google+, Picasa, Xing, LinkedIn, etc). But at least there are some.
What seems to be absolutely absent are white papers describing security (and more specifically, privacy issues) of the Web 2.0 ecosystem as a whole. Meanwhile, the situation there is quite remarkable. Fans of conspiracy theories would immediately assume that intelligence services of many countries are currently holding their breath observing rapid and voluntary de-privatization of many netizens; gathering all the information and preventing hackers from publishing their findings. Well, if it should be true, you are currently NOT reading this text, because it wasn’t successfully published. A more rational explanation would be, that just lazy me didn’t do any research before writing this blog post and has instead just bluntly asserted that there are no white papers on this topic to made his blog post more appealing.
Anyways.
To depict the current status quo, I’m going to show a couple of legal techniques to gather private information about a person from public sources.
1. Profile Scouting. This is obtaining links to public profiles of a target person, in a given Web 2.0 service:
a) By known real name. Many Web 2.0 services allow (and even motivate) their visitors to search profiles by known real name. This step can be either performed manually for each Web 2.0 service using the corresponding search field, or automatically using pipl.com.
b) By known username. Some Web 2.0 services display the username publicly, either in the web page itself, or at least as part of the public profile url. So, either public profile url can be constructed manually and checked if a given Web 2.0 service would return a profile or a 404 page, or some automated service can be used for this task, for example namechk.
c) By known place of living, company, school or interests. Many Web 2.0 services allow to search using these kind of metadata; from the resulting list of persons the target person has to be found using some additional information, for example their known appearance (looking at the profile photo). A variation of this method is using groups or forums; for example, if a target person is interested in some dance type, and some Web 2.0 service offers a group, it is possible to find them by looking up the members of the group.
d) By tagging. For example, a group photo on Facebook might be tagged with corresponding profiles; knowing appearance of the person of interest, it is possible to obtain their public profile. Another variation of this method is tagging of Flickr photos, where tags containing person names, cities and event names are used.
2. Profile Mapping. Having a profile in one Web 2.0 service, it is often easily possible to find out profiles of the same person in another Web 2.0 services; for example, by searching the same known real name. Many folks out there use the same username (or same couple of usernames) across several Web 2.0 services, so that their profiles can be mapped that way. The easiest way to map a profile is just a link, for example, it is possible to enter a link to Flickr account in the Facebook profile, and make it visible for everyone.
3. Social Graph Leveraging. This means, analyzing the “friends” of a target profile. This technique has the following shapes:
a) Leveraging Faulty Security Concept. For example, the target person has closed their photos on Facebook for public viewing, but opened them for their friends. A friend of the target person has a publicly available timeline and comments on a photo of the target person. Faulty Facebook allows anybody to follow to this comment and to see the original photo, even though it ought to be visible only “for friends”. I believe, this bug Facebook has at least since I’ve joined it in 2009.
b) Leveraging Different Privacy Settings. Let’s say the target person has closed their photos for public, but their friends haven’t. Some friend would publish their own photo, showing themselves, but also the target person (perhaps in the background or showing their back, but not necessarily so). Another variation of this technique is consuming the publicly available timeline of a friend of the target person, if it is known they interact closely in the real life (for example, study in the same university). By observing events, life style and mood of the target person’s friend, it is possible to conclude that the target person themselves should also have comparable mood, life style and perhaps participate in the same events.
c) Second Level Scouting. Let’s say, the target person A doesn’t want to publicly befriend another person B (due to any reason whatsoever). But, A’s friends C, D and E don’t have this constraint and all have B in their friends. By analysing common friends of the friends, it is possible to find a missing link. This technique has quite limited usefulness, as your typical Facebook profile has 100 to 200 of friends, the total number of friends of friends can be around 10000 in the worst case, which is way too much to be analyzed manually, and I don’t know any ready-to-use software that would automate such a “friends scouting”.
Combining these three techniques sequentially, it is possible to achieve impressive results. For example, it should be possible to start looking up the target person A by searching their real name and current city on Flickr. By a lucky chance, one could find only a couple of photos, and most of them would depict the target person. One then could go to the Flickr profile of these photos’ author, person R, and map their profile to Facebook. On Facebook, by a lucky chance, one would be able not only read the public timeline and obtain more photos, but also discover a couple of friends of R who would live in the same city, for example persons H and D. By mapping of H’s profile to spaces.live.com it could be possible to obtain additional photos, and by mapping D’s profile on a Web 2.0 service for travel reports, one could obtain additional information about some events happened.
I do believe these techniques are quite legal, because they leverage only the data made publicly available by respective owners / copyright holders. If this should be “problematic”, then Google and other spiders should be even more questioned and investigated.
On the other hand, depending on exact situation and on what exactly the researcher will do with the information found, this might be anything from being perfectly moral to being absolutely cruel. In any case, often it is the case that information flow is not as intended by the target person, and that’s why I think this issue is a security issue, and has to be publicly discussed and addressed.
I don’t know any handy solution for that, besides of trying and opening my own social profiles to the most possible extent. If I cannot prevent this kind of information gathering, at least I want to lead and control it by providing the most of information myself “from the first hands” and thus minimizing any possible misunderstanding or misinterpretations. But I do see that this approach is not suitable for every kind of situation.
So what do you think about it? I’m kindly requesting for your comments.
Powered by Twitter Tools
I am very picky about art. An artwork must engage me emotionally. I can’t stand these modern kinds of art only targeted to your intellect, but producing no feelings. And a great artwork must fully own me; if it is sad, I must cry, if it is funny, I must laugh so much I can’t breath, if it is thrilling I must have cold sweat and trembling hands.
Combining these high expectations with my perfectionistic wish to consume only the great art, it is no wonder that I would rarely enjoy (and go see) artworks currently popular in the press. I might find something great once in a year, often even more rarely.
When I say art, I mean books, movies, music, pictures, live performances, and any special kinds of modern art. And computer games. Games are mostly sport and hobby, but some of them are also art.
Great art can be “immersed” into, kind of daydreaming about the virtual world created by the artwork, and this helps to endure life. Computer games are by design perfect means for such escapism. In fact, reportages about WoW show how some specifically designed games can pose a real threat to ordered and healthy lifestyle. Besides, being a software developer myself, I can better than many others see how games are just meaningless crunchers of tons of bits and bytes.
So, hopefully, you’re impressed enough to hear me calling Mirror’s Edge the great art I was playing in in the last couple of months. At the time being I have finished the full game four times (on easy level, or hard level, without killing anyone, and with killing everyone), and also qualified in all speed runs, and earned tri-star rating on each time trial.
Yes, this took a lot of time – time I’d rather invested in a more reasonable things. But may be it has saved me from cracking up? And anyways, this wasn’t something I could control. And it still isn’t. I’m already waiting for the second game, which, unfortunately, seems to be delayed for unspecified time. And I’m extremely envious of the game creators; it was a once-in-a-lifetime-experience for them, and I also hope to become such professionally successful in my carreer.
If you don’t plan to play this game, this video will give you some impression about it. If you do plan to play, look at the following.
Powered by Twitter Tools
Powered by Twitter Tools
As far as I can remember, I’ve first heard about vegetarians on a Russian Literature class, where we have been told Leo Tolstoy was a vegetarian. Tolstoy being totally uncool among the pupils, the vegetarian idea seemed to be also uncool to us.
But it is interesting that this movement is quite old, and is still (or nevertheless) trendy, at least in some circles in the West. In other parts of the world it is even tradition or religion.
So, I was thinking about the vegetarian idea lately.
“In essence, we don’t want to cause harm and suffering to other living beings.“
“Yes. But why should I care about cows and chickens, while so many people starve to death, get raped or murdered, die from AIDS and cancer?“
“Well, actually you should also care about all those other cases. But, from where you are, it is hard to directly influence totalitarian regimes and failed states, or fight diseases. Not eating meat is so much easier.“
“Yes. But not eating meat does not necesserally translates into less suffering of animals. A typical restaurant would probably buy meat beforehand and throw it away if is not getting sold to the customers before its expiration date. Because customer flow fluctuates hugely from day to day, throwing away unused meat should be daily routine, so would the cook ever observe the effect of vegetarians and reduce the amount of meat ordered?“
“I don’t know. Perhaps he would, after reaching some threshold.“
“But yet again, suppose restaurants would order less meat. Will it translate into less animal suffering? Or will the animals still be grown and then burned to obtain cheap electricity? They already grow crops in Europe specifically for electricity production.“
“Perhaps yes, perhaps no, but at least you personally won’t be responsible for that.“
“But what about other effects caused to the world? Humanity is a huge, complicated and not well understood dynamic system. Changing one aspect of this system, let alone the aspect that remained unchanged for hundreds of thousands of years, how can you be sure the effect will only be positive?“
“Hold on. Vegetarian movement exists also since ages, and expecting everybody would at once convert till next Friday is unrealistic. Currently, it is more a “personal decision of not participation”, and a faint try to improve world, one veggie at a time”.
“Well, speaking about personal decisions, I do feel empathy with cows and other mammals, much less of that with the birds, and feel almost nothing to fish, insects or other animals, not to mention plants. Don’t you think being a vegetarian means placing some quite arbitrary borders based solely on the fact I’m also a mammal?“
“You can be a vegan.“
“Hah, being vegan is so much harder than just not eating meat! Besides, vegans are still placing an arbitrary border based on the fact they are animals.“
“Don’t be so black and white. Solving the issue for mammals only is still better than not solving it at all.“
“Yes. But what about effects to my own health? The vegetarian-only diat is controversial, and if I ever crave for meat again and get the binge eating syndrome…“
“How about reducing the average amount of meat dishes you eat, but only in cases where it is comfortably possible, and during just one week?“
“Well, that will hardly make me feel liberated from the burden of being responsible for animal suffering, but at least it will give me some insight of a typical vegetarian life.”
And this is what I did during my week in London.
So far, the insights were not very groundbreaking:
* Generally, I could easily take a vegetarian dish at least once a day. Finding a vegetarian-friendly outfit (i.e. serving meat and vegetarian dishes) was not a problem at all; most of them in London are. I’ve also saw a couple of vegetarian-only restaurants without any special efforts from my side, but searching for them at specific times when I was fancy to eat would be too complicated. Looking for vegan-only restaurants would be totally complicated, even in London. It might be feasible, only if you live there, have found all the possibilities and plan your commute correspondingly.
* I once ordered something called “mozarella tomato sandwich” only to find unexpected ham inside. On some other occasion, I’ve ordered a “vegetable dish”; I have no idea what part of it was not vegetarian, if any. That means, if you want to be a consequent vegetarian, you have to communicate with the waiter much more than usual. This may or may not be an extra effort depending on your personality.
* In the Korean restaurant there was no vegetarian BBQ possibility, so I’ve ordered chicken, because my interest of trying the “well-known Korean BBQ” was greater than the empathy with chickens. Similarly, I’ve ordered a Fish Kofta (just because its funny name) and on another day the “English breakfast” because I was fancy to try it. At least I’ve ordered the vegetarian option, which means without meat, but with eggs.
* Eating so much lentils and beans was a challenge for my stomach.
* Madras or Vindaloo potatoes were a bit too simple for my desire to enjoy eating, and hummus I never especially liked, but vegetarian samosas with puff pastry as well as some Bangladesh dish name of which I forgot and some allegedly Sichuan food were delicious.
London is full of compromises. The Tube is a stuffy, hot, loud place with lengthy distances when changing lines; and trains are shaking and screeching. But, the trains come every other minute, and that trumps all the disadvantages. Streets are so loud it is impossible to hear another person speaking, because of the endless buses and the crowd. But, you never have to wait more than five minutes for a bus, and may be it is your new friend who is walking in the crowd. Windows of many houses in the centre are not properly isolated and there is a draught, but, perhaps, they have less mould therefore. Many shops have guards staying at the entrance (which is a Bad Thing), but the shops themselves are splendid and full of excellent goods, and that trumps the so-called “security” again.
London is full of fashionable people. In the age group up to 30, I guess, at least 90% are clothed fashionably and/or stylishly. As for the middle age and older people, there are at least 60% who do so. In fact, you can spot a tourist in London by observing their unsuitable, cheap-looking or wrong sitting clothes (comparing to Londoner). Gents dress code in London is either business or smart casual, or something made from these styles by adding a little bit of controlled chaos. Generally, Londoner are even more obsessed with the uniform than Germans (as suits are, in fact, a uniform).
London is full of people, of various cultures, languages and background. It means a lot of positive and welcoming diversity, and plenty of wonderful and delicious world cuisines available around the corner. But also, unfortunately, it means some number of homeless people or families camping just in the centre of the square around Marble Arch. Truly interesting is therefore the feeling of safety I had. Never mind I have been to London a week after the riots, never mind there are signs “Beware of pickpockets” sometimes; I’ve never seen any destroyed property, any aggressive-looking people in dangerous amounts, nor any thieves. Well, I was visiting mostly the West End, the City and Greenwich, but I lived in Queensway and visited Soho, and Chinatown, and Brick Lane. Perhaps, I’ve just avoided ghettos by a lucky chance? As for pickpockets, having lived in Russia for 20+ years, I have had some experience with them, once stopping the hand of one of them trying to grab my month’s salary from my bag, and a couple of times observing them with their hands in some other people bags on a street market. Thus I believe I can sense their presence at times; in the huge London I haven’t seen anything more suspicious than in my sleepy tiny home town.
London is full of world wonders. You can see things that are not available in your home town, like some 3500 years old chinese pottery and bronze devices, and egyptian and assirian statues, and real bones of dinosaurs, and works of Da Vinci and one of the oldest remaining pages of the Bible. But also, the London architecture is a wonder by itself. We’ve landed at the Victoria station, and decided to walk to the Buckingham Palace. Just out of the door, we had to say “Wow” pointing at some building, and then passing that building, immediately another “Wow, look at these”, and then after couple of metres, yet again “Over there, how cool is that?”, and then we’re overloaded and stopped pointing, but not stopped wowing.
Speaking of metres, another rather unexpected impression I had is that the U.S.A. seemingly remains the only country where imperial measures are prevalent. I haven’t seen any sign or poster or other public information in London not using the standard measures. It is always metres, grams, litres, etc. The calorie intake label on foods is per 100gr. A lot of clocks use the 24h format.
They still have the left-side traffic though, and it takes its time to get used to. Even for a pedestrian, who just needs to decide which side of the street he must be on to get the bus in the desired direction. I wanted, but avoided renting a bike, partially due to this reason; I didn’t want to test my right-side reflexes in the London traffic. Speaking of which, it is terrible. There are in fact a lot of cyclists on the London streets; much more than I expected when looking at the traffic and the virtually absent bike lanes (comparing with Amsterdam, there are none). But, looking at the cyclists’ position on the bike, their uniform, their sporty racing bikes, and their faces, I don’t think they have enjoyed the ride. It was rather a fight, a rapid spurt from A to B, full of adrenaline and, perhaps, sometimes war stories they can later share with their buddies. I think, cycling in London should be a rather healthy activity, because of healing effects adrenaline causes to the body and because of the daily training to act quick but rationally under the effect of adrenaline. But, on the other hand, I’ve never seen a grandma on the bike, like plenty of them in the German streets. So, perhaps, the average lifetime expectation of a London cyclist is not to be envy of.
What you can envy Londoner of is definitely the food. I don’t care if there is such thing as English cuisine and what are its limits. I only care what you can get in a shop round the corner. And that’s much more diverse, intriguing, and delicious than in any other city I’ve yet been to. Ethiopian, Korean, and Bangladeshi cuisine I’ve tried for the first time in London. And as if it was not enough, they have Whole Foods Market stores in the city (five of them in fact. Why?! Why London has five stores, and the whole Germany none at all? That’s unfair); the greatest one having a dedicated cheese room and user comments on yelp along the lines “I want to live there”. In contrary to the tourist guides, I wouldn’t say eating in London is or has to be much more expensive. Those who eat on the Autobahnraststätte or in the Airports would pay more for worse food.
All in all, London is a perfect tourist destination, if you want to switch off from whatever feelings or problems pressing you; vibrant street life and clustered wonders would distract and entertain you. I would rather be careful when considering a permanent move or a long stay there though. You should never confuse tourism with emigration, as one of the Russian jokes goes. My extremely limited exposure to London leads to some unpleasant questions that have to be addressed. One of those is the health system. Would I feel myself comfortable living in a country where they sometimes call doctors “your health services provider”, and market their dental services in a same fashion one would advertize all-things-for-one-pound franchises?.. But yet again, answering such questions require much more exposure of the real everyday life in UK than I had.
Powered by Twitter Tools
