What they know (not even the NSA)

The recent revelations regarding the data from our phone and online activity being collected by the NSA reminds me of one of the arguments made in Program or Be programmed (my previous post on this book). Learning something about how computers works takes away some of the mystery and naiveté.

I am far from a professional, but allow me to offer a glimpse into the type of data a server can collect about your behavior.

Here is a line of data from the server log accumulating on learningaloud.com (if you are viewing this a line of data will now be recorded based on your present behavior).

220.181.126.47 – – [12/Jun/2013:06:28:32 -0600] “GET / HTTP/1.1” 200 54914 “http://curmudgeonspeaks.com/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)”

Someone connected from IP 220.181.126.47. I can do a who is ip and find out that 220.181.126.47 is in Beijing (unless some weird stuff is going on). I know when the request to view http://curmudgeonspeaks.com/ occurred and it appears that the user was using FireFox on a Windows machine. I do not use authentication (the dashes that appear toward the front end of the line of data), but if I did I would know whatever I required for a login.

The IP you use to connect (from the same computer) may change (dynamic IP), but you can find out by using a site that will bounce your IP back to you. If you turn your machine off and then on and check your IP each time, you can find out how consistently the same IP is associated with your computer. What I am describing here is your home location and not a laptop you might carry from coffee shop to coffee shop.

This information is pretty much standard – no use of cookies, n0 attempts to log the MAC address (unique to each computer). This is just to get you thinking a bit.

Now consider a situation in which you not only generate the type of data I describe here, but also log in. So, for example, I use several Google services that require I log in (e..g, gmail, Google+). Once I log in to any of these accounts, I must assume Google knows me across all services. So, if I use gmail and then make searches, the searches I make can be traced to me. Google is even willing to share this information with me in summary form – the account history. The following is part of my history for the past month – the number of searches I conducted and the top searches.

googlehistory

 

So, this is just a start and this is the obvious stored information. I assume my university knows even more about me. I must sign in on campus (from any computer) and this would allow pretty much any online activity to be linked to my login.

What did you think was going on?

This entry was posted in Uncategorized. Bookmark the permalink.