[Cryptography] Encryption opinion
Bear
bear at sonic.net
Sat Sep 13 12:33:37 EDT 2014
On Fri, 2014-09-12 at 22:27 -0400, dan at geer.org wrote:
> > Automated license plate readers used by car repo companies, for
> > example, collect billions of personal records per year, which
> > contribute to vast databases that can be used by law enforcement,
> > insurance companies, banks, and the like, with few limits.
>
> which is germane insofar that if the quality of a phish is the
> plausibility of the context in which it appears, then widening data
> collection materially enables ever more plausible context-generation;
We have to get used to the idea that surveillance and correlating
surveillance data with data found on the Internet is not difficult.
Heck, someone who wants to can just point a camera and an EZpass
scanner out the window from a building near a freeway, hook up
their own OCR software, and start crosslinking EZpass numbers with
license plates. No data theft is required.
In addition to the option of stealing a database to connect license
plates to individual names and addresses, they can also buy the
database from any number of sources of varying legitimacy, or
build their own.
Even if they don't get access to "private" records for addresses,
there are all those youtube videos and facebook pages that contain
images of cars belonging to identified people, with the license
numbers clearly visible. You could simply build a bot that trawls
what google image search returns when you enter "car." It will get
a lot of photos of cars whose license plates it can read, often on
pages identifying the owners by name, or if not then at least
appearing on the pages of a lot of people who you can find
names/addresses for. It's not hard to cross-correlate that data
with what your camera and your EZpass scanner observe out your window.
Nothing prevents the spammers and the phishers and the fraudsters
from doing the same thing our governments and search engines do,
unless perhaps it be the simplicity with which they can save
the time and effort by stealing the data. In fact nothing save
distrust even prevents them from sharing the data they collect.
Bear
More information about the cryptography
mailing list