Simpler Ideas: Cookie Camouflage, Digital Haystacks

For the past decade, software engineers have been peddling identity protection soft wares to people who want more privacy, who want to "erase their tracks".  "Anonymizer.com" sells a subscription for safe searching, which I tried out a decade ago.  But paying a monthly fee to someone who promises not to resell your data or to allow cookies to be installed on your drive is an "invisibility" technology.  In nature, invisibility is rare.

Camouflage, however, is pretty common (leopards and squids and zerbras ADD digital pixels, they don't "erase" them).  What I'd like to see is a digital haystack on my hard drive, one that would make it harder to find the needle of my personal data. 

I don't want to bother running a program to wipe off my search engine trail, I don't even trust that program is effective.  What I want is to "pollute" my personal data with disinformation.  I want false positives and false negatives about me, online and on my hard drive.  I'd like to see a program which auto-surfs random phrases in the background, so that the sites I actually decided to visit are thrown in a temp file alongside other modern random keywords.

In the "ewaste" recycling business, fear of over data theft has been good and bad.  The good:  fear allows us to charge for proper management of hard drives.   We have more and more orders to destroy rather than wipe hard drives.  When personal data is stolen, or financial data or social security number fraud occurs, hard drives are suspected (even if waiters, online phishing, and other still-in-use hardware is usually the culprit).

What's bad about this fear in the e-waste business?  Loss of expensive, valuable programs, that get wiped off the drives along with the personal information.   The main beneficiaries of wiping are people who dislike the secondary market intensely.   Hard drive manufacturers, but even more so, software companies whose Quickbooks or Adobe programs, worth thousands of dollars, are deleted or shredded up in a machine.  If people are afraid enough about their hard drive, they provide planned obsolescence to softare manufacturers, and paid for by the consumer themselves. 

Think about it... what if you were convinced that liability for use of your car followed you after it you resold it?   If Ford or Toyota could get you to PAY them to DESTROY your car, instead of buying it back from you, how sweet would that be?

That economy of worry has had a big impact on the recycling business - bigger, perhaps, than the actual risk of data theft.   I'm not saying that leaving info on a hard drive is not a risk... if it gets in the wrong hands, it's like losing a wallet.   But if I were a thief, would I really invest in five year old computer drives?  I guess I could buy a containerload of hard drives and start booting them up and seeing if current, unexpired data was still on them.  I kind of doubt it would pay the electricity bills and labor, but for sure it's possible.   But there are easier ways to get more current data, like hacking and phishing spam, bribes, or walking into an office and sitting down at a computer as if I work there.    Former employees get hired by competing firms, and the "non-compete" and "non-disclosure" agreements are pretty difficult to monitor or enforce.

If I specifically had it out for one person - or wanted data that only one person had - then getting their hard drive would be very worthwhile.   But if that person's computer is buried in a trailer with hundreds of other PCs, I better want their data pretty badly, cause it's going to be a needle in a heckofa haystack if their data has been wiped and the hard drive is mixed with hard drives that are also wiped.

Don't get me wrong - we take hard drives seriously.  We have accomplished 100% hard drive management in-house.  A few years ago, Good Point relied on places like Electronicycle and Colt for some of our hard drive management (larger recyclers who I trusted the standards of more than I trusted the competence of our one newbie employees).  Now we have a secure facility with a routine for positive-sort for wiping, meaning if the guy who rebuilds PCs for reuse doesn't specifically take a hard drive for department-of-defense standard erasure, the hard drive is going to get removed, and the board dismantled, and the information destroyed anyway.

Having set up all that, I still don't really enjoy selling "safety and security" when I really believe that most of the risk, most of the lost data, is stolen from PCs still in use, from dual core laptops that are stolen from cars, or fake bank websites that trick you into logging in with your real banking password.   If you express any kind of honesty about the real risks, you might give the impression you don't care, and you can lose clients to someone else that is out there selling fear.  More and more of the PCs we get come from people who have taken crowbar to removing their own hard drive, and many experts advertise that as the safest way to be sure...

We want a programmer to write a very small app which runs searches in the background, perhaps while the PC is idle, and creates a haystack of information on our hard drive, one which only the true owner would recognize his/her data amongst.  It would be cheap and easy.   If you have time, you can do it yourself, just start randomly searching dictionary terms in google.   It would be easy for a program to do.  Very effective.


I'd call this program a "digital haystack" (for my personal information on the hard drive) or "cookie camouflage" (for my advertiser data in the cloud).  Instead of trying to erase or encrypt all the identity data on my hard drive, this program would run in the background and created a "haystack" on my PC, and on the servers which track our movements remotely.   I'd worry a lot less about "making sure I wipe my social security number off my hard drive"... and if my laptop or PC gets stolen or hacked while still in use, or "human error" occurs at the NAID certified shop you ship to, I could sleep easier.

It could run in the background, or possibly be a simple download of random data.   Imagine 10,000 fake and mismatched social security numbers right here on my computer.  I'd feel safer with a PDF of my tax return if I had a thousand other randomly generated PDFs all over the hard drive.  And if my browser is doing inquiries for random words and phrases, like "overweight kitty cat", it would confuse the heck out of advertising programs.

Such a program would also give me online privacy - the program would run in the background, doing searches of random terms on Google and Yahoo and Bing.    It would visit random websites all over the web, making sure the sites were "safe" of course (that technology is already established).  If someone wanted to claim I had visited porn sites, which perhaps I have, they would not know just which ones I've visited because the background program would have provided cookies from random places all over.  If my sexual fetish is "cookie dough", I wouldn't worry about Google selling me cookie dild-oughs in the advertising space, because they'd have just as many records of ramen noodle fetishes and fruit fly sex searches as anything else.

Who develops software?  The same people who make money on our searches?  The companies who want software removed from the secondary computer reuse market?

Apple and Microsoft and Google and Bing are all in the business of selling our personal data to advertising firms.   What I am describing is "dumping" counterfeit data in such high volumes that the same thing as currency inflation would occur with data.  Digital data inflation would be cheaper and more effective at protecting everyone's privacy.

But the people who develop software may not get much management support for developing that program.  They will try to sell you a program which tracks, erases, and encrypts your data.  But they won't develop something that camouflages everyone's data for free.

In nature, invisibility has never evolved as quickly as camouflage, because camouflage is cheaper and "good enough" for the marketplace of predators and prey.  Camouflage is sexy.

Maybe someone can develop this kind of a software app in the Linux community.  Maybe the FBI can develop fake lists of credit card numbers with names that don't work, and start circulating the lists in such volumes that real lists of real stolen Visa and Mastercard and Discover numbers get lost in the haystack.  If everyone had a haystack of false information on their hard drive, we'd still wipe it and clean the e-waste drives, but in the meantime, they'd be safer from all the other ways data really gets stolen.

Hey, check out more of these "urban camouflage" pictures by French performance artist Laurent La Gamba.  I think this guy is amazing.  He's a good guitarist, too.  Images are copyrighted, I will contact him and ask s'ils vous plaites.

3 comments:

Anonymous said...

http://news.cnet.com/8301-13880_3-9950126-68.html This may do the trick.

Robin said...

http://www.theregister.co.uk/2008/05/16/antiphormlite/

Anti phorm, antiphormlite

Robin said...

Finally? https://cs.nyu.edu/trackmenot/ I wonder if there's an amigo from Slashdot behind this. works in Chrome and Firefox. Have barely tested