Privacy and Anonymity on the Internet

Date, Time and Location TBA

for more info, email guelphfreeschool@resist.ca

Introduction

My intention is to introduce people to the concept of true privacy and anonymity/pseudonymity on the Internet. Much of our lives are conducted online, and most are not aware of the privacy implications involved with even simply reading your e-mail. In order to do this, we will need to examine a few basic concepts: who we are, what a computer is, and what the Internet is. Once those foundations have been established, we can start to examine the state of the Online world today, where it is headed, and how to ensure that private information remains private.

Goals

At the end of the course, I expect all those who have attended to be more aware of the information they are transmitting online, and how to control it. I also expect them to be aware of how this information is used, and the dangers posed by knowledge amalgamations, whether they be corporate buyouts, law enforcement efforts, or out-and-out data mining.

As well as being aware of potential information leaks, I hope to introduce a new class of software, designed to ensure certain levels of privacy and anonymity. These tools will require an ability to evaluate a given situation and circumstance for potential privacy breaches, and everyone in the class should be able to identify what is commonly referred to as 'snake oil' products.

Above all, this knowledge will be useless without a better understanding of what exactly the Internet is. Computers in general are shrouded in mystery, and I hope to clear some of that smoke away, to help people further understand what exactly a computer is, how it works, and how it can talk to other computers.

We will not be covering topics like how to use a computer, or a word processor, or a web browser. We will also not be looking at any computer laws in any detail, as the scope of this class only concerns laws inasmuch as they apply to our daily lives. Privacy and anonymity are a right to be fought for, regardless of the state of legislation within the country in which you reside. We will also strive to not concern ourselves too much with the role of government in the daily lives of its citizens, but this topic will be, I feel, unavoidable.

Pre-requisites

There will be a basic expectation of how to use a computer. As stated above, there will be no effort made to explain how to browse the web or read e-mail: it is expected that these skills have already been established. Beyond that, however, no technical expertise is required. This field is only technical because it involves computers; if an understanding can be made of the general concepts, there will be no serious requirement for advanced technical knowledge.

Above and beyond this, there must be a concern for eroding citizen's rights, especially in the face of corporate America and current terror legislation. (Please note that I welcome any and all branches of law enforcement and the government, though I ask that they identify themselves as such beforehand. It would be very interesting to receive criticisms and comments from those who are interested in being able to track online activity.)

Concerns

It is worth pointing out that making efforts to conceal who you are can be viewed with great concern and disdain by governing forces. Please be aware that many of the utilities, tools, and papers we will be discussing (and, if the attendee so chooses, using and reading) /are/ monitored by international governments, and simply by visiting a web page, you can raise your profile within certain agencies. Yes, it is ironic that simply by using tools that are supposed to guarantee privacy, you in effect lose some. However, such is the state of our world today.

That being said, I am willing to make concessions for those who have more sensitive privacy needs. Though I cannot guarantee perfect anonymity, I can make every effort to ensure that full participation can be enjoyed in the class without the need for suspicious online activity.

--------------------------------------------------------------------------------------------

From this point on, the rest of the page is under construction. Some thought still needs to be put into course layout and which topics will be tackled when.

--------------------------------------------------------------------------------------------

Oops. I should have edited this a while ago. In the meantime, we're working on getting this course up and running the week of November 1.

--------------------------------------------------------------------------------------------

Course Layout

Enough babble, on with the course.

I envision an eight-week course, meeting once a week, one and a half hours per night. This is a rough estimate: some nights may go longer, some may end earlier, depending on topics covered, class involvement, and how frequently (and how deeply) we become sidetracked.

At this point, this is a complete and total guess, and it will probably change. As people's minds tend to wander when dealing with technical topics, some nights will likely be much shorter (i.e. week two), and some nights will likely be much longer. It may be better to move to one hour classes, and it is entirely likely everything can be covered in six weeks.

Week One: Introduction and Basics

Introductions What defines a person What defines a person online What a computer is What computers do, what they can't do Why computers are so prevalent What the Internet is; what the Web is The concept of a network The history of the Internet (ARPANet, DARPANet, etc.) How computers talk to each other; perhaps discuss, quickly, the history of computer communications Why is privacy important? (AKA why we're all here)

Week Two: Definitions (the boring stuff)

Review: computers, networks, and the Internet Anonymity vs. Pseudonymity The so-called sliding scale of anonymity Pseudonyms Cryptography

Huh. 'cryptography' is a bit vague, doncha think? Should prolly expand this... There's more stuff here, I just can't think of it right now.

Week Three: Data Mining; or, using logic to learn much more than you've been told

Now we're starting to get to the fun stuff... Data vs. Metadata The concept of 'meta' and its importance in computers Different ways to mine data and metadata How metadata can be used to figure out data The importance of metadata in today's world Traffic Analysis vs. Content Analysis Approaches taken by corporations Approaches taken by governments Hiding data 'Hiding' metadata

Week Four: E-Mail, Instant Messenging, and other online communications

Week Five: Web browsing

Blogs. Need to be addressed. So does MySpace?.

Week Six: Cryptography

This should probably be moved to an earlier week, but I don't want to delay jumping in to real-world scenarios for too long, lest interest wane. I think the best approach will be to introduce the basics of cryptography in Week Two (the boring stuff), then cover it in more detail here. This will be a technically advanced class, so not everyone will likely come. As such, I'd like to restrict the topics to do purely with cryptography, to ensure nobody misses anything important.

Cryptography itself, what it is, etc. Symmetric vs. Assymetric cyphers Digital signatures Non-repudiation Problems with Tying digital signatures to real-world humans

Week Seven: Privacy breaches, real-life scenarios, etc.

A fun week. Where we talk about how people have been tracked down, what role corporations play in this, how it could have been avoided, etc. I'll need to gather notes for this, as though I have lots of stuff kicking around, none of it's in any one location. Yeah, I know, I should expand on this a bit more...