http://www.seanconvery.com/weblog/2006/08/10/inference-based-identity/ Ruminations on Identity Management for Networks Thu, 07 Aug 2008 20:00:34 +0000 http://wordpress.org/?v=2.6 http://www.seanconvery.com/weblog/2006/08/10/inference-based-identity/#comment-36293 Sean Convery » Blog Archive » Schneier’s Wide-Open Wireless Argument Thu, 17 Jan 2008 01:17:41 +0000 http://www.seanconvery.com/weblog/2006/08/10/inference-based-identity/#comment-36293 [...] Second, Schneier seems to think that the risks to him are as follows: someone breaks into his machine or someone does something illegal using his network. There is a significant third risk he doesn’t cover: the increased risk of identity theft / profiling. Watching the Internet use and search habits of a machine is very easy over an open wireless network. Watching that use over a long period of time could be very revealing (and profitable, just ask Google). What I find borderline hilarious is that the blogosphere proponents of open networks are the vary same folks that rightly went a bit bonkers when AOL released the search data of 650,000 users. This data was partially anonymized by removing the screen name of the searcher but as the New York Times and others reported, it is fairly trivial to analyze searches and derive identity. I wrote about how the same techniques might apply to enterprise Identity. What I find funny is while the damage done is at least self-inflicted in the open wireless case, the repercussions could be even more disastrous. With a persistent log of not just your searches but your internet traffic in total over a period of time, it would be very easy to tell an awful lot about you. If you think the bad guys need to be parked out front to do this, you haven’t spent enough time looking at snack-food wireless antennas. [...] [...] Second, Schneier seems to think that the risks to him are as follows: someone breaks into his machine or someone does something illegal using his network. There is a significant third risk he doesn’t cover: the increased risk of identity theft / profiling. Watching the Internet use and search habits of a machine is very easy over an open wireless network. Watching that use over a long period of time could be very revealing (and profitable, just ask Google). What I find borderline hilarious is that the blogosphere proponents of open networks are the vary same folks that rightly went a bit bonkers when AOL released the search data of 650,000 users. This data was partially anonymized by removing the screen name of the searcher but as the New York Times and others reported, it is fairly trivial to analyze searches and derive identity. I wrote about how the same techniques might apply to enterprise Identity. What I find funny is while the damage done is at least self-inflicted in the open wireless case, the repercussions could be even more disastrous. With a persistent log of not just your searches but your internet traffic in total over a period of time, it would be very easy to tell an awful lot about you. If you think the bad guys need to be parked out front to do this, you haven’t spent enough time looking at snack-food wireless antennas. [...]

]]>