As a direct results of at least 2 major observation of me and others lately, I think I want to use some of my weight also for the benefit of my own privicay protected effectively in the future, and make awareness enough to raise technical and organisational issues concerning the safety of computer networks, and where such safety may be hard to find.
Mainly, I disagree that computerworld is subjected to different rules
than lets say public streets or plumming, it should be completely possible
to track what we are letting exist, what certain parties
build, and how we allow ourselves to cooperate to make networks
and systems with resonable degrees of safety and guarantees against illegal
taps, dataloss, infringement on privacy or copyright rules, and reasonable
guarantees of quality of service.
As always, and I have participated in a university course 15 years ago containing ideas about the security of software, which in certain ways has similarities, there are technical matters involved, definitions of the services and the problems, and the desirable and maintainable legislation we can all agree with and find back in our countries or continents' legal system.
Being defininately qualified to produce some serious points, the main I'd want to make is that at least it would seem reasonable possible to take any correctly functioning data connection and use it to transer protected data in almost uncrackable form, meaning at least when it is realy needed safety can be had between parties who can exchange some key data reliably.
I'm sure many technical issues can be better resolved in this area than they in my opinion are too oftern, which is a call for quality, and I gues a mesure of self imposed or legal decency.
A bit earlier I built my own network interface for a at the time hip new fast local area network time for synthesizers, called midi, which I sucessfully run from an ancient trs80 clone computer. Not all but very basic data transfer issues also at stake in other types of networks are present in such a design, and with added courses on TCP/IP at university as part of the electrical engineering curriculum, which I found enjoyable enough because at least such a subject in practice is certainly not pathetic, I had the basic knowledge which still forms the foundation of my more than sufficient understanding of the contemporary internet and its basics and building blocks.
Later on, I programmed a newish type of client server setup, intended for the running of distributed applications on a workstation network, which worked satisfatory and nearly without error. That tought me the practical interfaces to the application layer and some others and the parameters of various underlying layers of the OSI model, and also that in computerland, specifications, for instance such as possible in various telecom based approaches such as SDL, at some point after the number of megaherzes, specmarks and bustypes stops, and that a decent overview of an operating systems multitasking facilities in quantitative and qualitative sense is hardly ever likely to even exist at al for normal customers, and that the same holds for various not unimportant networking parameters, including even quite obvious ones such as buffer types, abundance and length. Bad practice, as every decent electrical engineer knows, specification during design phases are completely needed of parts which should together make a machine.
When buying a PC or a place in a library or internet cafe or of an internet provider, certain technical data are commongood, though probably mainly the terrain of moderate experts, such as adjustments for name servers, and the bitrate of a modem, but detailed specifications of the various components of for instance an internet information path are mostly not there, unless one asks an expert who happens to have information about that particular combination of web tools and browser, ppp connection toos, tcp/ip libary, operating system version, modem brand and version, provider side modem specs, server software, proxy idiocyncracies and a lot more.
Apart from that, it is not very trivial even for an expert to have good
guarantees of safety, because so many parts are involved, and only a clean
installation of known and trusted components without additions, viruses
and errors in adjustments makes it credible one can perform safe and overseeable
data processing. Linux has in that sense an attractive open source approach
which allows at least experts to check all source code, make a custom compile
for a given system, and be pretty sure nothing is realy very wrong with
the resulting system. When then the internet link is run by processes mainly
limited to a known and limited user account, the systems can operate relative
safely with pretty much anything connected to its modem or network card,
assuming the linux version used is as file access safe as it can be relatively
easily. I think windows XP is another story in that respect, and quite
frankly windows 2000 is not exactly easily overseeable or verifiable enough
for me to easily guarantee various forms of safety, though I guess reasonable
speaking I too can make it reasonably safe to use, with proper limitation
of the network components.
Works of art have their intellectual ownership safeguarded in most western countries by simple enough law, and clearly it is not legal to 'steal' work from another can claim it for oneself, or to redistribute or sel another persons work of art without permission.
As a practical exampe, one may not even have permission to use someone
else's photograph on a web site, and that could be legally enforced, i.e.
checked, fought and corrected by official and founded exisiting legal means.
In short one may not open, read, disclose or spread someone else's mail without permission, or at all.
In holland, some years back I remember news messages that the gouvernment had included email messages in the laws for regular mail, so that anyone who opens or reads email messages not clearly addressed to them is into an official offense, and can be persecuted by law, and I seem to rember even punished quite severely when caught.
Heer, heer, I gues, having legal backup even for my yahoo mail account
is a good idea, why not have people officially deny access to my private
or professional files, if they want access let them ask me or official
authority (which is probably rare).
Because I was faced
with a practical 'break in' sort of problem lately, I'll shortly describe
what I think is important in what I observed and what I have as an answer,
too.
I was regularly unpleasantly surprised at my mouse behaviour in place with a massive battery of PC's for internet use I happen to spend more than a few hours on, and at some point got the idea some may have more than healty interest in my activities, because it seemed certain mouse response anomalities were not random or caused by mouse terrain unevenness or mouse mechanism failure.
Is that relevant? Probably it is, though one may argue checking may happen without making a noticable impact on system operation, I don't like the idea that appearently the will and the way exists for certain probably not too advanced persons to pick on someone's computer behaviour and mess with it. Clearly.
So I thought of at least a trick to have the stupid sort of feedback reduced, which mainly exists of making clear such unwanted effects will not go by unnotices, which is probably normally on of the prerequisites and desirabilities for certain not to highly to be estimated behaviour. 'Things don't work right here, come and see' nothing special going on, suddenly...
So I decided before going technical to play the engineer (the real kind) a bit, and make sure at least all to annoying or clear interfearences would be tracable objectively, and, unfortunately for certain lesser life forms, recordable for future replay, analysis or proof, in line with normal and and decent 'check things when they go wrong, and what cannot bear the light will probably disappear'.
At least I'd have normal computer use back, not knowing how much at least partly for certain illegal 'checking' still would be going on.
A more technical approach would be to cut the network cable or port during normal use except when needed, which may be impractical, or us simple enough network port scanning to figure out where the systems 'suck' module resides and disable it, or possible have its communication interestingly modified... Both not a technical tour de force, actually, except a system which reboots from unknown source may be a touch hard to crack in short time in that sense, but then again taking a simple network monitor and see some udp or tcp port raise its activity in sending and receiving mouse patterns is not nasa level work, and requires no PhD in computer design, not even in computer software.
Bear with me to see my little fun enough experiment.
Little boys with pc anywhere are not too interesting or general powerfull
or special, but lets say there are principles at stake. Let them prove
they can actually write such a program at least, then probably they'd be
intelligent or interesting enough to occupy themselves with something a
bit less base, useless and undesirable.
I've made two short
enough video fragments in windows avi format to illustrate what I'm talking
about.
The first one contains the recording of my watch with large second counter to give an impression of the video systems responses and the way mouse movements, 'coincidently' uninterupted look on the screen.
The second one shows the carrying out of
the experiment, where I've attached a 'fin' to the mouse to make its physical
motion part of the video, and where the red window which tracks the mouse
around the screen is visible on the cam's recording to see wether they
coincide logically, as the first and main check for undesired malbehaviour.
In short I made one of my maybe infamous sort of 'oneliner' procedures to produce a list of time - mouse position triplets, which together with a few well chosen screen dumps give an excellent impression of the tracks my mouse make during the time I work on anything I like.
Clearly enough , the scipt is visible even decent enough through the jpg encoding, the red window near the 'activeate motion detection' button is the window which as a result of the shown script simply 'follows' the mouse around the screen as javascript sometimes does within a webpage, and xeyes for those who know what that is, and still appreciate the fun in them after 15 years..
While it with adjustable rate tracks the mouse pointer (which is not in the standard screen dump), it records every tracked position and stores a time stamp with every move, so it is completely possible to reconstruct the mouse curves and motions later on from a simple text file.