Press "Enter" to skip to content

A few thoughts on ID, privacy, and us vs the snoops

Fakes!

I love J.D. Tuccille. That man has the instincts of a swashbuckling pirate. Here’s his latest: “Now, More Than Ever, We Need Fake ID.”*

Record number of fake ID seizures,” New York’s government boasted at the end of last year, presenting the Empire State’s residents with a (not unfamiliar) holiday-season gift of arrests and petty law enforcement. “Governor Andrew M. Cuomo today announced that underage drinking sweeps conducted by DMV investigators in 2016 resulted in the seizure of 862 fraudulent licenses and the arrest of 818 individuals for underage drinking, both single year records.”

Great going, guv! Your intrepid investigators managed to slap cuffs on bunches of 19-year-olds for sneaking beer two years earlier than politicians would allow. How about some medals for your brave enforcers?

He goes on to talk about the scary new TSA signs warning airline passengers that if their states don’t “comply” by next year, they won’t be “allowed” to fly (as if traveling were some government-controlled privilege; oh, but nowadays it is).

But if REAL ID and other measures to give gov complete control of our identity are meant to deter fakery, J.D. goes on to point out that all they’ve done is require forgers and fakers to up their game. See his links for more detail.

Alas, the ID I bought for $50 from some offshore outfit twenty years ago would never cut it now. Seems you can now get a fake drivers license of “getting your underage self into a bar” variety for about three times that. Getting a real fake ID, complete with real-fake database entry created by an employee of the DMV will seriously cost you. But in this case, hooray for official corruption!

Leaks!

The other day on the Cabal, a cabalista techie linked to a TechDirt deal (the specific one will be defunct a few hours from now; but TechDirt seems to have frequent bargains of this sort): a lifetime VPN service for just $39 ($35.10 with the coupon I also snagged). I bought in and after the usual headbanging standard with software that’s only sorta-kinda set up properly for Linux, I’ve found it very easy to use.

Like the proxy I’ve been using for years, it masks my IP address. But unlike a mere proxy, a VPN is designed to encrypt the connection from portal to portal. It also covers all my browsers without me having to do any browser-specific setups.

But the question came up: How do you tell it’s really working? Yes, you can go to a site like WhatIsMyIPAddress.com and get the comforting news that you’re visiting them from an address in Thailand, Switzerland, or Brazil when you’re actually in Teaneck, NJ, Swaziland, or British Columbia. But (as you technoids already know) that’s not the complete story. There are these things called DNS links that reveal your real IP, and therefore your real location, under more sophisticated scans. I visited five or six leak-detection sites. A couple detected something — not my IP, but (I’m guessing) another IP belonging to the VPN service. One, however, pinpointed me right to my little rural area. Even showed me a map. Urk.

This turns out to be because of a “helpful” geolocation service built into some browsers. Again, you techies, as well as you properly paranoid security mavens, will know all this. But for the rest of us … there is this “feature” called WebRTC that will leak your IP address across the known universe even when you imagine you’ve protected it with a proxy service or a VPN. Check it out. The best testing site I found was DoILeak.com (which, ironically requires JavaScript to give you a complete reading, but yields nicely comprehensive and easy-to-read results).

If you have a WebRTC leak, you can fix it. Blessedly easily. In Firefox, just install the DisableWebRTC add-on. In Chrome or Chromium, there’s the WebRTC Limiter (but be aware that you’ll have to change its settings, as the ones right “out of the box” do NOT stop IP leaks). There are other ways. But those two I know work.

Alas, figuring out if a VPN is really, truly encrypting the connection is harder. We discussed that a bit on the Cabal, too, and all I can say is so far, so good.

—–

I was going to continue with a few thoughts on the importance of anonymity in political speech and life in general, but this has gone on longer than I anticipated. So maybe later for that.

—–

* H/T WendyMcElroy.com

1+

18 Comments

  1. MacGregor K Phillips
    MacGregor K Phillips January 10, 2017 2:35 pm

    I normally use the Chrome Browser and I use Privacy Badger from EFF to block ads and third party trackers. In its settings you can tell it to “Prevent WebRTC from leaking local IP address”. They make a version for Chrome, Firefox, and Opera. I tested it on the Doileak.com address Claire linked to, and it works.

    You can get Privacy Badger here: https://www.eff.org/privacybadger

    1+
  2. Claire
    Claire January 10, 2017 4:52 pm

    Thanks for that link, Mac. I’ve heard good things about Privacy Badger. I’d try it myself if I didn’t already have my two main browsers so loaded with privacy add-ons I fear they’ll explode if I add something else.

    OTOH, I might eventually try removing a lot of my existing security (which in some cases makes sites non-functional) and give Privacy Badger a try.

    0
  3. StevefromMA
    StevefromMA January 10, 2017 7:50 pm

    This is to probably a really dumb thought but…I always figured that if you try to become invisible, you end up on a surveillance list of people trying to become invisible.😬

    0
  4. Claire
    Claire January 11, 2017 6:21 am

    Oh definitely a lot of truth to that. We already know spy agencies give special attention to people who encrypt their email. I’m sure they do more. And worse.

    But we’re already all on those infamous “lists” anyhow. If we’re not on a list because we try to be invisible, we’re on a list because we bought the “wrong” book. Or because we used a “wrong” word in an unencrypted email (“I think Jennifer Lawrence is DA BOMB!”). Or because we once attended a meeting with the “wrong” people.

    Maintaining as much privacy and personal security as possible is a good practice, both in itself and because it remains a declaration of independence. Besides, it annoys the snoops and causes them to waste time, energy, and resources. For that alone it’s worthwhile. 🙂

    0
  5. ellendra
    ellendra January 11, 2017 8:58 am

    “But we’re already all on those infamous “lists” anyhow. If we’re not on a list because we try to be invisible, we’re on a list because we bought the “wrong” book. Or because we used a “wrong” word in an unencrypted email (“I think Jennifer Lawrence is DA BOMB!”). Or because we once attended a meeting with the “wrong” people.”

    Or because we tried to buy seeds off Amazon without realizing they’d be shipped from Taiwan.

    I actually have a letter telling me I’m on a watch list because of that.

    0
  6. larryarnold
    larryarnold January 11, 2017 9:38 am

    There’s really only one list. Everybody is on it.

    0
  7. Chris
    Chris January 11, 2017 11:07 am

    The Z-Man weighs in on privacy: http://thezman.com/wordpress/?p=9352#comments

    Maybe privacy is transient.

    I am ambivalent of the issue of ID v. fake ID. I am not sure why it is a libertarian concern. Strong ID helps with conducting consensual transactions at a distance. If somebody is a fraud, isn’t it better to know them so you can choose not to do business with them? Do you want to limit your transactions to those you have know personally for a long time so you trust them? (And how do you live that long a time without transactions?)

    In a world with no ID, there would be a strong incentive to punish every economic infraction with physical punishment – rather like sharia law – cheat someone and they cut your hand off. (Would that be iniation of force? If you elect to defraud someone, you have commited an act of economic agression.)

    So many questions.

    0
  8. Pat
    Pat January 11, 2017 11:27 am

    “In a world with no ID, there would be a strong incentive to punish every economic infraction with physical punishment….”

    Why? What happened to contracts? It’s not the “ID” that makes the transaction, it’s the person. Whoever s/he is, is responsible for their actions and their commitment. In a prior world of handshakes and cash, e.g., we didn’t collect driver’s licenses or SS# before buying and selling.

    0
  9. Claire
    Claire January 11, 2017 11:40 am

    “Strong ID helps with conducting consensual transactions at a distance.”

    There’s a world of difference between consensual ID systems (which can actually be more like verification systems, not necessarily connected to an individual’s real-world identity) and state-imposed ID systems which ultimately make individual freedom impossible.

    “In a world with no ID, there would be a strong incentive to punish every economic infraction with physical punishment – rather like sharia law – cheat someone and they cut your hand off.”

    I don’t see where you get that idea.

    Also privacy, even when achieved via fake ID, does NOT equate to fraud or financial cheating.

    0
  10. Rob
    Rob January 11, 2017 12:04 pm

    “There’s really only one list. Everybody is on it.”

    Well, yes and no. I have no doubt that there is one list that virtually everyone is on. Even dead people are on it because dying is not enough to get you removed. As a dead person you are still a threat of coming back to life on someone’s fake ID. Probably fictional characters who “did something” really bad are also on this one universal list.

    But some of us are SPECIAL. Meaning we are eSPECIALly evil in thought and deed and bear eSPECIALly close watching. I’m one. Claire is one. And probably larryarnold is one, too.

    0
  11. Claire
    Claire January 11, 2017 12:24 pm

    “Or because we tried to buy seeds off Amazon without realizing they’d be shipped from Taiwan.

    I actually have a letter telling me I’m on a watch list because of that.”

    Wait. They _told_ you you were on a watch list? Actually told you? I wonder if it was specifically because you ordered some type of “biological”? I’ve gotten a bit of Amazon stuff from various Chinese sources (clothing, knitting needles, small electronic parts) and never made any lists for it. That I know of.

    0
  12. Claire
    Claire January 11, 2017 12:25 pm

    Rob — That’s some of the most charming cynicism I’ve seen lately. Thank you. (And LOL I have no doubt we do share our “list” status with imaginary characters, among others.)

    0
  13. StevefromMA
    StevefromMA January 11, 2017 12:46 pm

    Hey Rob,

    Maybe we’re all on the list by writing to this blog!

    0
  14. Comrade X
    Comrade X January 11, 2017 1:28 pm

    One time (a really long time ago btw) I got a letter from customs asking me to come down and claim some Cuban cigars that was being sent to me, my response was;

    https://www.youtube.com/watch?v=UmzsWxPLIOo

    You would think that might get you on a list however what I did do is contact the source to let them know about it, since they guaranteed delivery, sure enough a few weeks later I got these travel videos that turned out not to have videos in them which goes to show that there is one thing you can count on too; government incompetence.

    Heck I’m sure I’m on some lists but as long as there not any projectiles flying by, because of those lists, at 2,000 fps methinks those list don’t matter much, so far that is at least.

    0
  15. Chris
    Chris January 12, 2017 8:46 am

    “There’s a world of difference between consensual ID systems (which can actually be more like verification systems, not necessarily connected to an individual’s real-world identity) and state-imposed ID systems which ultimately make individual freedom impossible.”

    Consensual ID can be the strong ID that I believe has benefits. Certainly it can enable safe transactions at a distance with a degree of certainty if it is stong enough. And “real world identity” need have nothing to do with it – provided there are safeguards against a large number of multiple IDs per person, which would enable serial frauds.

    As for physical punishments for those caught defrauding, cheating or robbing another, well they serve as a crude form of ID in a world without otherwise reliable ID. Like, “don’t do business with somebody with their right hand chopped off. They were caught robbing somebody.” It’s barbaric of course – but it was employed widely in the “pre-ID” world by many cultures for a long time.

    0
  16. ellendra
    ellendra January 13, 2017 3:50 pm

    “Wait. They _told_ you you were on a watch list? Actually told you? I wonder if it was specifically because you ordered some type of “biological”? I’ve gotten a bit of Amazon stuff from various Chinese sources (clothing, knitting needles, small electronic parts) and never made any lists for it. That I know of. ”

    Yep, I still have the letter. It’s because seeds are considered “live plant material”, and are therefore restricted. Importing them from another country requires quarantines and special permits, which I didn’t have. And because the seller didn’t say anywhere in the Amazon listing that they were based in Taiwan, I didn’t realize I was importing them. Customs has me on a watch list in case I try to “import” any more.

    And the seeds? They were for a cold-hardy kiwi. At the time, that kiwi was only available as a plant, and was rather expensive. I wanted 20 of them, and I didn’t want to pay much, so I thought I’d grow them from seed.

    Since then, there have been 3 different seed companies within the US that have started offering the seeds.

    0
  17. StevefromMA
    StevefromMA January 13, 2017 5:12 pm

    SWOT (somewhat off topic) there are two kinds of kiwis, vines that bear a kind of kiwi fruit and the other kind we get in stores that you are probably growing. MA considers the vines an invasive plant since, despite apparently bearing a delicious type of kiwi fruit, they also strangle tress so we will probably become the first state to make it Illegal to plant and subject to destruction.

    And you are all now kiwi experts like me.😃

    0

Leave a Reply

Your email address will not be published. Required fields are marked *