C.Behind the Machine.. - University at Buffalo, Computer Science

advertisement
Behind the Machine:
Anonymity and Free Speech



Bill of Rights protects free speech
But – there are still times when we do
not want to be identified?
Examples?
Copyright © 2008 by Helene G. Kershner
Behind the Machine:
Anonymity and Free Speech
The ability to post anonymously is
good.
Is it?
Is it always good?


How do we filter truth from fiction?
How do we protect ourselves from libel or
defamation of character?
Copyright © 2008 by Helene G. Kershner
Behind the Machine:
Anonymity and Free Speech
juicycampus.com





“JuicyCampus is a college-focused startup aiming to
give students the ability to post and comment online
anonymously (a perfect environment for gossip).”
The site’s main feature is a message board that can be
sorted so that students can look at posts only about
people on their campus.
Posts can be sorted by most discussed, most viewed
and “Juiciest”.
Posts are often highly inflammatory as they talk about
who the sluttiest girl on campus.
“Think Jerry Springer + an anonymous version of
Facebook and you’ll have some idea of JuicyCampus”
http://www.crunchbase.com/company/juicycampus
Copyright © 2008 by Helene G. Kershner
Behind the Machine:
Anonymity and Free Speech





JuicyCampus.com is a website focusing on gossip, rumors and
rants related to US colleges and universities.
The site describes itself as an enabler of "online anonymous free
speech on college campuses."
Through various services such as IP cloaking and offering of
anonymous IP servers, it allows users to post messages and
comments without possibility of identification.
Readers can vote on which posts they find "juiciest," or most
provocative.
Timothy Chester, chief information officer of Pepperdine
University, described the purpose of JuicyCampus in a letter to
Google as to create a "virtual bathroom wall' for abusive,
degrading, and hateful speech."[3] http://en.wikipedia.org/wiki/Juicy_Campus
More on this topic
http://www.msnbc.msn.com/id/23211511/
http://www.newsweek.com/id/74322
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Do computers
make us more anonymous?
Anonymity and Free Speech
Protecting the Many from the Few
This Can limit Free Speech because the
basic rules of our legal system change!
To do so – we become
Innocent until proven guilty
Copyright © 2008 by Helene G. Kershner
Juicy Campus/Lives & Dies
1. http://www.youtube.com/watch?v=MDRdQl_Juos
2. http://abcnews.go.com/OnCampus/story?id=5919608
3. http://www.youtube.com/watch?v=sx-c6jtzZko Yale
4. http://www.youtube.com/watch?v=atF2TrCgDDY Texas Tech
5.http://www.youtube.com/watch?v=qz_TKFJgL7U Princeton
http://www.youtube.com/watch?v=WxxcS2KmZtI Shutting down
Behind the Machine: SPAM
Does Free Speech extend to SPAM?
 SPAM: Electronic junk mail or junk newsgroup
postings. Some people define spam even more
generally as any unsolicited email. … Real spam is
generally e-mail advertising for some product sent to
a mailing list or newsgroup. http://www.webopedia.com/TERM/s/spam.html

SPAM: The Internet version of junk mail. Spamming
is sending the same message to a large number of
mailing lists or newsgroups usually to advertise
something.
www.4guys.com/glossary.cfm
Copyright © 2008 by Helene G. Kershner
Behind the Machine: SPAM
A survey shows American business
e-mail users consider the
difference between spam and
desired e-mail to be whether the
user has previously transacted
business with the sender.
http://dc.internet.com/news/article.php/2199981
Copyright © 2008 by Helene G. Kershner
Behind the Machine: SPAM
First Amendment – Guarantees
Free Speech
Is SPAM a variant of Free Speech?
Copyright © 2008 by Helene G. Kershner
Behind the Machine: SPAM and
Free Speech


Can the use of filters by organizations and companies
such as AOL, MSN, Gmail and ISPs to “protect” users
from SPAM be viewed as violations of the sender or
the receivers free speech?
OR
Is AOL like a membership organization with
“property” where SPAM is an invasion of private
property or like the Post Office?
Copyright © 2008 by Helene G. Kershner
Behind the Machine: SPAM and
Free Speech




What about anti-SPAM listing services that provide
lists of “SPAMers.”
Who get included?
Who decides?
Is a Harris Poll survey SPAM?
Copyright © 2008 by Helene G. Kershner
Behind the Machine: SPAM and Free
Speech and the Legal System


Thirty-six states have tried to restrict SPAM by
enacting anti-spam laws
Only two state prosecutions were ever
successfully brought against spammers, and only
one was able to enforce its law against an out-ofstate spammer.
http://www.jcil.org/journal/articles/380.html
Copyright © 2008 by Helene G. Kershner
Behind the Machine: SPAM and Free
Speech and the Legal System
CAN-SPAM Act of 2003
 The Controlling the Assault of Non-Solicited Pornography and
Marketing Act requires unsolicited commercial e-mail messages
to be labeled (though not by a standard method) and to include
opt-out instructions and the sender's physical address.

It prohibits the use of deceptive subject lines and false headers
in such messages.
 The FTC is authorized (but not required) to establish a "do-notemail" registry.

The CAN-SPAM Act took effect on January 1, 2004.
http://www.spamlaws.com/federal/summ108.shtml#s877


The act has largely been unenforced.
States cannot enact stronger local legislation.
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Phishing
“In computing, phishing (also known as carding and
spoofing) is a form of social engineering,
characterized by attempts to fraudulently acquire
sensitive information, such as passwords and credit
card details, by masquerading as a trustworthy
person or business in an apparently official electronic
communication, such as an email or an instant
message. The term phishing arises from the use of
increasingly sophisticated lures to "fish" for users'
financial information and passwords. “
http://en.wikipedia.org/wiki/Phishing
Copyright © 2008 by Helene G. Kershner
Behind the Machine:
Phishing – In the Beginning



In the 1990s unethical AOL users created false
accounts with “algorithmically generated credit card
numbers — these accounts could last weeks or even
months until new ones were required. AOL
eventually brought in measures in late 1995 to
prevent this, so early AOL crackers resorted to
phishing for legitimate AOL accounts.”
Individuals involved in such measures were often
those involved in illegal sale and distribution of boot
leg software.
http://en.wikipedia.org/wiki/Phishing
Copyright © 2008 by Helene G. Kershner
Behind the Machine:
Phishing – In the Beginning

The phisher or cracker would “pose as an AOL staff
member and send an instant message to a potential
victim, asking the victim to reveal his or her password.”
http://en.wikipedia.org/wiki/Phishing#Early_phishing_on_AOL
Stutz, Michael: “AOL: A Cracker's Paradise?”, Wired News, January 29, 1998.

The phisher would use the now all to common technique
of sending some kind of message to the unsuspecting
AOL user asking to give “up sensitive information …
include text such as "verify your account" or "confirm
billing information". Once the victim had submitted his or
her password, the attacker could then access the victim's
account and use it for various criminal purposes, such as
spamming.”
Copyright © 2008 by Helene G. Kershner
Behind the Machine:
Phishing – Moving on from AOL




In 1977 AOL adjusted its security policies making it
very difficult for such illegal activities to occur. As a
result these activities migrated elsewhere on the
Internet.
Phishing is now unfortunately Everywhere!
Estimated losses from phishing from May 2004-May
2005 exceed three billion dollars to individuals and
businesses in the US alone.
More than 1.2 million US citizens were effected.
http://en.wikipedia.org/wiki/Phishing#Early_phishing_on_AOL
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Phishing
http://www.userfriendly.org/static/
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Phishing
Examples?



FAFSA.com
“We suspect an unauthorized transaction on your
account. To ensure that your account is not
compromised, please click the link below and
confirm your identity.”
“During our regular verification of accounts, we
couldn’t verify your information. Please click here
to update and verify your information.”
Copyright © 2008 by Helene G. Kershner
Phishing
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Phishing

What can be done?






Educate users
Make pages more difficult to “spoof”
Anti-phishing software
“smart” - spam filters
Legislation
Industry/government/law enforcement
working groups
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Phishing
The FTC suggests


If you get an email or pop-up message that
asks for personal or financial information, do
not reply. And don’t click on the link in the
message, either.
Area codes can mislead. Some scammers send an
email that appears to be from a legitimate business
and ask you to call a phone number to update your
account or access a “refund.” Because they use Voice
Over Internet Protocol technology, the area code you
call does not reflect where the scammers really are.
Copyright © 2008 by Helene G. Kershner
Behind the Machine: Phishing



Don’t email personal or financial information if
requested by a message to you!
Look for indicators that the site is secure, like a
lock icon on the browser’s status bar or a URL for a
website that begins “https:” (the “s” stands for
“secure”). Unfortunately, no indicator is foolproof;
some phishers have forged security icons
Review credit card and bank account
statements as soon as you receive them to
check for unauthorized charges.
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
Copyright © 2008 by Helene G. Kershner
Download