Saturday, October 23, 2010

You thought your surfing and email were private? Hah. Haha. Hahahaha.

Your computer is being spied on by organizations all over the world. There are over 1 billion spy computers in the global network tracking every move you make. They read your email (unless you use an encryption option), and track your surfing habits.

You probably fit into the profile of the average user, who has no idea this is going on. But organizations from all over the world are tracking your activity for their own purposes, whatever they may be.

Let me start by explaining how you retrieve information from the World Wide Web (WWW).

When you click on a link in a web page, your request goes first to your Internet provider, for example, AT&T or Comcast. They pass on this request to the Internet backbone, and it is picked up by another server, that passes on your request, until eventually you arrive at the web page you are requesting. Once your request arrives at the server that is storing the web page you want, everything reverses, as packets of information are passed back to you by the same process. This path is routed at the whim of the management of the servers in the path, and every web site you visit will follow a different route.

As you can see, you are broadcasting your surfing habits, and this information is being intercepted, and passed on, by a large number of random servers, and infrequently by the same path twice, as you surf to different web sites.

Your request may go around the world to access a site that is virtually next-door. At each server along the way, your computer's address on the Internet (IP address) is passed along, with all your requested information, so that the server that eventually finds the particular web site can pass the information back to you. What you are looking for, and where you live, are known by every computer in the link, both there and back.

When the web page is returned to you, it comes back to your computer's HTML port. But all those servers along the way, now they have your IP address, can discreetly come back to your IP address, and gently prod for access on the other ports on your computer, to try to get more information on your activities.

And so, you blithely surf the web, completely unaware that you are being spied upon. These attacks are usually made using other ports on your computer (most commonly the UDP port).

The mind-boggling aspect of this is the sheer number of organizations involved globally in this kind of activity.

If you are interested in seeing who is spying on you, here is a simple solution that is easy to install.

"Good morning, Mr. Phelps. Your mission ....."

There is an application called Peerblock, which actively blocks these intrusions. It uses a database from, which is continually updated by volunteer participants, to decide which IP addresses to block.

Currently, PeerBlock tells me it is actively blocking 1,001,871,255 IP addresses! Over 1 billion IP addresses?

In a few hours, over 600 clandestine requests are made, according to Peerblock's log.

If you want to see which sites generate the most activity, install Peerblock. It runs in the background, and has no visible impact on computer performance. When you start PeerBlock, the first thing it will do is update the list of IP addresses it will be blocking. Then, it will open as a background application, and appear as a little blue box on the right-hand-side of the taskbar. Double-click on this, and you can watch the window as your computer is attacked.

If your monitor is large enough, open the PeerBlock window and a browser window side-by-side, and surf the web, and look at which web sites generate the most activity.

You will quickly understand that your entire Internet profile is kept on file by thousands of organizations around the world, who can profile you, and your interests. And, in the US, all your email.

Personally, I accept that we have already witnessed the death of privacy. Even before 9/11, the US Federal Government was keeping track of every piece of email that traveled the web, using a program they developed called Carnivore. In 2005, this was abandoned in favor of commercial software that does the job better, and more efficiently, such as Narusinsight, which can also perform a far wider range of espionage activities on your surfing habits as well as your email.

If the idea that your activities are so transparent alarms you, or that your business activities are laid open to such scrutiny, then I wouldn't worry too much. The sheer load of data that is being gathered is too overwhelming to be deeply analysed.

But wait ten years. The data will still be there, but by then, we will see computer systems emerging that are over 100 times as powerful than the computers we have today (Moore's law). And in 20 years time, they will be over 8,000 times as fast.

There will come a time when there is enough computing horsepower to fine-tooth-comb your past activities. And your data will still be around.