It seems I can’t click more than three links in the blogosphere lately without reading about Vice Presidential nominee Sarah Palin’s email being hacked (which is 1.5 more than I can go without reading about Palin herself, but that’sa different rant). And yet, I’ve not come across any blog posts or news articles outlining the real tragedy highlighted by these events. The complete loss of privacy in the new millennium. I’m not talking about the loss of Sarah Palin’s privacy. She was fool enough to use some of the weakest “protection” available. No, I’m talking about the (so-called) hacker’s privacy.
You see, this college kid went to the “trouble” of using a proxy service called ctunnel to try and hide what he was doing. Why did he use ctunnel? I have no idea, but a quick look at their website gives the following reasons one might want to take advantage of their service-
This can be done to evade website blocking by schools, corporations, or governments, to access websites that would normally be blocked. It can also be done to protect your anonymity, so that the website you are visiting does not know who you are.
Because our visitors value their privacy, it is not in our interests to spy on you, lest we lose traffic and advertising revenue. Because government subpenoa could require us to hand over our server access logs, access logs are regularly deleted to protect your privacy. In short, we value your browsing experience as well as your anonymity, and would not do anything to break your trust in us.
Definitely gives one a “warm and fuzzy” feeling about their privacy, does it not? Unfortunately a closer look at their terms of service leads us to this-
We take user’s privacy very seriously, and normally will not knowingly disclose confidential information to anyone. However, we reserve the right to cooperate with law enforcement agencies who are investigating criminal activities undertaken by users of our service. In logging access to this service, we try to balance our need to have access to useful site performance data and the need to be able to cooperate with criminal investigations with our user’s needs for privacy. Currently our goal is to log only that information which is necessary to comply with legitimate law enforcement inquiries for a period of 7 days from the date of access. This logging policy is a goal and not a mandate.
In other words if you, like the kid who broke into Palin’s email account, want actual privacy, you need to look elsewhere. And how, exactly do I know it was a college kid that broke into Palin’s Yahoo! email? Well, that’s simple. From a recent Threat Level article–
As reported here last week, Gabriel Ramuglia, owner of the internet proxy service Ctunnel.com, which Palin’s intruder used to access her account and obscure his IP address, was examining his logs for the FBI to trace the intruder’s IP address. Ramuglia told Portfolio that the FBI asked him about only one IP address, which he declined to disclose but said he had matched the address to web activity “consistent with what websites the hacker was expected to have visited through (the Ctunnel) service.”
Yep, aside from the kid being essentially an idiot when it comes to covering your tracks on the internet (by all accounts), he would have been given up by Ctunnel anyway. And, if there is ever a prosecution then their records will be used against him.
Lessons learned? Don’t trust anyone with your privacy!