No Cookies logo

berklix.com logo

berklix.org logo

Brexit Stolen Votes

flag_uk_de_icon_v.gif

BSD-PIE icon

BSD icon

Gnu icon

Linux icon

Eyes

Disclaimer

IBU

Consol

Computer File Privacy (by Julian H. Stacey )

Introduction

A friend (who uses MS-Win-98) wrote to me in Oct. 98:
An email attachment arrived and the little sliding box said "Author: A friend's name".
She was concerned that software companies might be starting to distribute the capability to monitor the software she & her friends use.

I wrote a reply by email which I'm converting into a draft web page here below:

My Reply

It's Probably happening already

Just because you'r only starting to see it now, doesn't mean other firms who had programs that understood Word format (or Word Perfect, or whatever) couldn't see such information years ago !

Proprietary formats such as Word docs are usually some kind of semi binary, & are much less readable than HTML (web pages), so could always have held such information as author & date etc, just perhaps until now not visible to normal end users, but always visible to editor vendor, it's subsidiaries, & developer licensees. It would have always been simple to encrypt & hide such information in files, so only those who knew how, would have been able to view them, & not other end users. I'm not saying it was done, just that it was always possible.

What Might Be Monitored

Certainly a word processing program written 10 years ago (or more) to run on DOS, could, if a commissioning company (such as WP Inc or MS Inc) required, fairly easily have kept an encrypted secret list, inside each (or some) files, that end users wouldn't see, & couldn't easily decrypt, but that they & friends/licensees could, containing information such as:
  • log of when edited, & for how long &
  • how many keystrokes per minute each session (nice for bosses to know the Tuesday secretary types more slowly than the Thursday secretary, less nice for the typist)
  • how much RAM your computer had, & which version of DOS/Win (embarrassing if you're not licensed for it)
  • list of other copyright programs of interest found while running a background search on your computer (simultaneously running the editor in foreground, so's you'd not notice)
  • note of what percentage of data files on your computer had interesting/`dubious' key words in ... heroin, tax evasion, explosive, civil liberties, communism etc, after all, companies spying on customers for the government is viable. (Could be done in cumulative scans over successive runs, not accessing the disc too often, so's not to alert user, storing the data centrally in a hidden file, & encrypting & hiding inserted copies of the secret information, when other files were written with the editor ! )

Export Of Data

The technology for nearly all of this was possible by 1986, if any company had wanted to do it. Only limitation was, In the old days, one would have had to wait to receive proprietary editor files in the post from corresponding firms, then scan them for hidden data.
Easy to encourage the floppies really, the firm merely says to its customers: we offer faster/discounted services if your correspondence/orders/trouble reports etc are filed with us on floppy, not paper.
These days we have modems & ISDN, that makes life much easier for the illicit export of data from your computer, unknown to owner of computer, merely bury a few extra bits of data in the stream of legitimate data when connections are established by the user !

User Names

MS-DOS didn't have the concept of user names, so it would have been hard to include your name easily, (but I bet for instance that the name Fred Smith appears more than any other name on files on a computer owned by Fred Smith, & can be scanned for in the background: So even with DOS, although you don't know the name of the owner of the computer using the software being monitored, you (the spy company) can take a pretty good automated guess!).

Now Microsoft have I believe finally introduced more personalisation to computers with Win98, so there's more information easily available to export. (BTW Decent operating systems (such as Unix etc) had personalised login names over a decade before MS-DOS was ever available, the problem lies not in the local (PC) collection of personal information, but in the export (floppy & modem)).

HTML

Another example of people giving away more information than they realise, is web pages:
Web HTML files produced by web page composer programs often contains extra information such as author name, editor program name, last edit date etc. information doesn't show up when viewed with a web browser, but is plainly visible in a text editor. Embarrassing if it says (to to quote an actual example)
meta name="GENERATOR" content="Microsoft Front-Page 2.0
unless you have a software licence for that product)

Other examples of security concerns include "cookie files" & browsers in general.

What Can You Do ?

  • Feel free to lie to your computer, tell it your name is Napoleon Bonaparte, tell web registration servers a pack of lies, 'cos they're their to serve their masters, not you :-)
  • If you catch a program up to illicit tricks, tell the editors of computer magazines (bear in mind where their advertising revenue comes from though).
  • In Britain, British Telecom used to prosecute phone piracy under the rather arcane law of "Stealing Post Office Electricity". I presume any software package sold to you as an editor, that lengthens your call by smuggling out even one byte of information, is guilty of stealing Your electricity (ie phone bill), & as such you could prosecute the software vendor. In many countries, there will also be extra laws granting you right to privacy.
  • Switch to Free Software: Then you will have no licencing worries, & won't care who knows what software you use. You'll also usually have access to source code, so you (or some friend or firm you trust) can check & see what information is being possibly hidden & or sent.
  • https://www.torproject.org/

"PUBLISH & BE DAMNED"

You may wonder if it was such a bright idea of mine to put this on the web, & give bad companies or governments nasty ideas .... well there's brighter people than me out there, & some are paid lots of money to look after their employer's interests (not necessarily yours or mine), & they've had 10 years to think about this, ... I can't believe they haven't considered these possibilities long ago.

REAL SECURITY

If you want to really secure your firm's networked systems from prying eyes, you already know you have a lot more to worry about than just the simple issue mentioned above. My company Vector Systems Ltd can install firewalls at commercial prices, (but I'm afraid the price is beyond normal private citizens). For customers outside our operational area, we offer a free referral index to BSD & Linux consultants around the world.

WANT TO GET REALLY WORRIED ?

If you want to get really worried about web & email security & privacy, go to sites such as http://rootshell.com/beta/news.html or its home page http://rootshell.com

The Author

  • I am a computer consultant with about 20 years in industry, my resume is here.
  • I use free public software
  • I avoid Microsoft products, both professionally & privately.

Berklix.Net Computer Associates Domains Apache: Web Server FreeBSD: Operating System Brexit Stolen Votes