From Tesla Motors to the "Patriot Hack" – Martin Eberhard on Protecting Your Privacy Online



I found Martin Eberhard, co-founder and former CEO of Tesla Motors, in the pages of 2600.

I was deep in the throes of palate nirvana at Stumptown Coffee in Portland (good coffee is not bitter) when I came across a curious article in 2600: The Hacker Quarterly.

Nursing the best dark brew I’ve ever had, I moved from a great article on free global phone calls to another on the language of gang signs, ultimately landing on a column signed not with an anonymous pseudonym but by Martin Eberhard, co-founder of Tesla Motors.

The subject? Engineering a “patriot hack” to protect privacy online. This, I remember thinking, should be interesting…

It was so interesting, in fact, that I reached out to Martin after my bear-rich Pacific Northwest roadtrip and asked for permission to reprint his article here. He graciously agreed.

This article is broken up into four sections, which I titled:

The Patriot Hack – From China’s Firewall to Lockpicking (15%)
The Political and Technical Landscape (60%)
Strategies to Protect Your Privacy (10%)
The “Haystack” Call to Action (15%)

If you want a quick read and aren’t interested in the political or legal aspects, just jump over the second section.

I hope you find this as thought-provoking — and practical — as I did.

The Patriot Hack – From China’s Firewall to Lockpicking

How long can the regime control what people are allowed to know, without the people caring enough to object? On current evidence, for quite a while.

So concludes James Fallows’ article titled “Penetrating the Great Firewall” in the March ’08 issue of The Atlantic. The Chinese firewall is a crude but effective system that looks at every single Internet connection in the country, and decides whether or not the user may proceed, based on policies set by the government. If a Chinese citizen looks too hard for information about, say, Tibetan independence, the Tiananmen Square massacre, or Falun Gong, not only might her search be blocked, she is also inviting a visit from the police.

An outrageous invasion of privacy, isn’t it?

Reading Fallows’ article immediately made me think about how to get around the Chinese firewall, and made me wonder how many people there already have. I guess it’s the hacker instinct in me – I go straight from being outraged about the invasion of privacy to wondering how I might hack it if I had to.

I figured out how ordinary locks worked sometime in junior high school, and soon thereafter, I figured out how to pick these locks, how to make keys for them without fancy locksmith machines, and how to re-key locks my way. Soon thereafter, I discovered computers, which definitely were not personal in those days. I got kicked out of my 10th grade computer programming (Fortran) class for allegedly loading something into the school district’s mainframe that brought the whole thing down. (No comment.) In those days, such security systems were challenges – picking the lock was an end in itself.

As I grew up, I channeled this energy into getting a decent engineering degree, then into becoming an entrepreneur. I guess you could say that Tesla Motors was my first try at hacking the global energy system.

The Political and Technical Landscape

Meanwhile we are busily transforming the “Land of the Free” into a high-tech surveillance society of our own. In the name of preventing terrorism in this post-9/11 world, we have come to accept the Patriot Act, video cameras watching us along highways and intersections, more video cameras in other public places, invasive airport screening, scrutinized financial transactions, widespread wiretaps, surveillance of our online activities, efforts to create national identity cards, face recognition equipment at sporting events, and lots more.

Alarmingly, we give up our privacy not just to protect ourselves from terrorists, but also for mundane convenience: “preference” information gathered by online retailers, credit card usage data, ubiquitous RFID tags embedded in consumer goods, “club” discount cards at supermarkets, deep personal information posted at social networking sites and then sold to marketers, open wireless networks, etc.

In this article I focus on the ocean of data collected about us by search engine companies.

We know that search engine companies collect and save massive amounts of information about our searches, but then again, search engines are so useful and convenient. They ostensibly use this information to tune the advertising that we get to see. We also know that many sites sell the data they collect to others. Who knows to what other ends these data are put? Some, such as Google, say as a matter of policy that they will not be evil.

Unfortunately, your privacy is not a right that is clearly or specifically called out in the US Constitution. Some specific aspects of your privacy are protected, such as the privacy of your beliefs (in the 1st Amendment), privacy of your home against demands that it be used to house soldiers (in the 3rd Amendment), privacy of you and your possessions against unreasonable searches (in the 4th Amendment), and perhaps most importantly the 5th Amendment’s privilege against self-incrimination, which provides some protection for the privacy of your personal information.

Since about 1923, the US Supreme Court has interpreted the “liberty” guarantee of the 14th Amendment to guarantee an increasingly broad right to privacy, and this interpretation is the basis of most privacy protection outside those specifically listed. But the future of this constitutional privacy protection remains an open question. In our current Supreme Court, the so-called “originalists,” like Justices Scalia and Thomas, are not inclined to protect your privacy beyond those plainly and specifically guaranteed in the Bill of Rights. (Supreme Court nominee Robert Bork has derided the right of privacy as “a loose cannon in the law.” Good thing he never made it onto the Court!)

Beyond constitutional protection, your privacy and the protection of your sensitive or personal information are protected somewhat by a patchwork of statutes on a per-industry basis. The Privacy Act of 1974 prevents the unauthorized disclosure of your personal information that is held by the federal government. The Fair Credit Reporting Act protects information about you that has been gathered by credit reporting agencies. The Children’s Online Privacy Protection Act restricts what information about your children (age 13 and under) can be collected by web sites. The Sarbanes-Oxley Act, HIPAA and GLBA each contain some protection for some of your personal or confidential information. Some state laws also provide protection.

Since privacy is not specifically protected in the constitution, there will continue to be a battle between those of us who want our privacy protected and those who want to invade it – often our own government, certainly businesses who aggregate and sell our eyeballs, and worst of all, cooperation between the two.

Let’s not forget most of the phone companies’ gleeful cooperation with the US government’s widespread warrantless wiretap program. You can bet that every service provider company – search engine companies included – is paying close attention to the immunity that Congress is right now granting to these phone companies for their illegal participation in this wiretapping program. [Note from Tim: I did a post on the practical implications of this and FISA here.]

What will happen when the government asks your favorite search engine company to divulge what you and I have searched for? This has happened already. So far, Google has resisted, but AOL and others did not. The World Privacy Forum notes:

“In 2006, AOL released about 20 million search queries of over 500,000 of its users. Those queries were put on the web. Reporters for the New York Times were able to identify a user from the search queries; others have also been able to identify users. In 2005, the U.S. Department of Justice subpoenaed Google, Yahoo, MSN, and AOL for tens of millions of users’ search queries. Google successfully fought the request, and was able to limit its disclosure, but it is unknown how much data other companies may have turned over.”

Although Ask.com has subsequently announced that they will delete your searches after 18 months, Google has not.

To get an idea about how long Google is interested in your data, a Google cookie on your machine expires in the year 2038! [Note from Tim: this appears to have been reduced but someone with better detective skills should comment.] So the Google search you made 3 years ago for, say, “file sharing music” could come back to haunt you 3 years from now when some new, even more odious version of the Digital Millennium Copyright Act (DMCA) comes into law.

Can even Google forever be trusted not to be evil? To what new ends will they put all that data about us? Anyway, doesn’t it creep you out knowing that they are saving and analyzing every search you have ever made?

And now, with Google’s acquisition of Doubleclick, they will be able to correlate your searches with the rest of your web browsing – and maybe make it more painful to block cookies from Doubleclick and Google.

Strategies to Protect Your Privacy

An anonymizer tool or a proxy site will mask your IP address and some of the info about your computer when you surf the web.

To get an idea about what websites, including search engines, already know about you, check out this site: http://ipid.shat.net/. Spooky.

I use an Ironkey when I can, and there are both free sites and pay sites that can make your surfing anonymous. But some websites don’t work well with these tools. [From Tim: I cannot wait to test Pandora — one of my favorite sites — overseas using some of the proxy sites.]

The World Privacy Forum suggests several strategies to help protect your privacy while using search engines:

• Do not accept search engine cookies. If you already have some on your computer, delete them.
• Do not sign up for email at the same search engine where you regularly search.
• Mix it up. Use a variety of search engines.
• Watch what you search for.
• Read your news on one search engine, have your email on another, and use a handful of other separate search engines for Web research.
• Vary the physical location you search from.
• If you surf using a cable modem, or a static (unchanging) Internet connection, ask your service provider to give you a new IP address.
• Be aware that your online purchases can be correlated to your search activity at some search engines.

The “Haystack” Call to Action

Unfortunately, these search strategies are cumbersome and not especially effective.

We certainly cannot count on the government to respect or help to protect our privacy. And I would rather not have to trust Google and Ask.com to protect my privacy.

What we need is a simple tool that requires little of our attention, and provides pretty good privacy – something as simple to use as a browser plug-in.

This is an opportunity for a little constructive hacking, and browsers that allow plug-ins provide the perfect opportunity. What I am proposing is a simple plug-in for the Firefox browser (and any other browser that supports plug-ins) that will bury your searches in noise. Let’s call this plug-in “Haystack.” [There are step-by-step tutorials for how to create Firefox plug-ins]

Here is how it works: Haystack generates a relatively low level background of random searches across a variety of search engines whenever your computer and your network connection are not too busy. The goal is to generate hundreds to thousands of random (hay) searches for every real search you do, such that your searches are a small needle in the haystack of these automatically-generated searches.

Search engines generally run analytic software that constantly looks for attacks – denial of service attacks, bogus click-throughs to pump up somebody’s advertising costs, etc. Since the goal of Haystack is to protect our privacy, not to bring any search engine down, it must be written in such a way that, from the search engine’s point of view, it looks like you are just manually searching.

Search engine variety: through a setup option, you can select which search engines Haystack uses, matching the ones you normally use yourself.

Frequency: I think one search every 15 seconds on average is about right, though the interval should be random, varying from say 5 seconds to about 5 minutes. If your machine is on for 10 hours per day, this will generate 2,400 “hay” searches per day. Remember, the goal is to look as much like a lot of human-generated searches as possible, not to jam up the search engine.

Search terms: this needs to be very broad, random, and always changing. I suggest seeding the program with a search word list, and then pulling new search terms from the search results themselves, as well as occasionally from the text on the front pages of news sites like cnn.com. The searches must include a spectrum of provocative terms, so that any such search that you might do will not stand out.

Search complexity: like search terms, broad and random. Search for single words, as well as several words at a time, and even with excluded words.

Computer usage: Ideally, Haystack should not initiate searches when either your computer is very busy or your network connection is very busy. Since the actual search results are not valuable, Haystack should even abort an initiated search by closing the connection to the search engine if CPU usage suddenly increases.

User controls:

• On/off radio button
• Check boxes to enable one or more search engine sites
• Slider for search frequency (2 seconds to 10 minutes?)
• Button to clear search engine cookies and private data
• Button to get latest version

Output: Haystack should not bother the user with an open tab; the search results should be silently loaded and discarded (after gleaning a new search term or two from the data). A small icon on the toolbar indicating that Haystack is running should be good enough, perhaps also indicating the ratio of Haystack searches to your own searches.
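The design points above (random intervals between 5 seconds and 5 minutes averaging 15 seconds, mixed query complexity, terms gleaned from results, and idle-only operation) are expressed below in JavaScript, the language of Firefox extensions. This is an added example, not code from Martin Eberhard or from any existing plug-in; it simulates the schedule without contacting any search engine. The function names, the seed word list, the 0.5 busy thresholds, the 20% exclusion rate and the pool cap are assumptions.

```javascript
// Added example (not the article's code): scheduling and query-building core
// for the proposed Haystack plug-in. No network requests are made.
const MIN_DELAY_S = 5, MAX_DELAY_S = 300, MEAN_DELAY_S = 15; // from the article
const SEED_WORDS = ["weather", "recipe", "tibet", "jazz", "privacy",
                    "football", "battery", "firewall"]; // constructed seed list

// Deterministic PRNG (mulberry32) so a run can be reproduced and tested.
function makeRng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Delay = 5 s floor + exponential tail with mean 10 s, capped at 5 minutes.
// The cap is reached with probability e^-29.5, so the average stays ~15 s.
function nextDelaySeconds(rng) {
  const tail = -(MEAN_DELAY_S - MIN_DELAY_S) * Math.log(1 - rng());
  return Math.min(MIN_DELAY_S + tail, MAX_DELAY_S);
}

// "Computer usage" rule: stay idle while CPU or network is busy.
// The 0.5 thresholds are assumptions; the article gives no numbers.
function shouldSearch(load) {
  return load.cpu < 0.5 && load.net < 0.5;
}

// "Search complexity" rule: one to three words, sometimes an excluded word.
function buildQuery(pool, rng) {
  if (pool.length === 0) return "";
  const pick = () => pool[Math.floor(rng() * pool.length)];
  const words = new Set();
  const n = 1 + Math.floor(rng() * 3);
  while (words.size < Math.min(n, pool.length)) words.add(pick());
  let query = [...words].join(" ");
  if (rng() < 0.2) { // assumed share of queries carrying an exclusion
    const excluded = pick();
    if (!words.has(excluded)) query += " -" + excluded;
  }
  return query;
}

// "Search terms" rule: glean new words from result text, then discard it.
function harvestTerms(pool, text, maxPool = 500) {
  for (const w of text.toLowerCase().match(/[a-z]{4,}/g) || []) {
    if (!pool.includes(w) && pool.length < maxPool) pool.push(w);
  }
  return pool;
}

// Simulate one day: walk the clock, skip busy moments, count hay searches.
function simulateDay(hoursOn, seed, loadAt = () => ({ cpu: 0.1, net: 0.1 })) {
  const rng = makeRng(seed);
  const pool = SEED_WORDS.slice();
  const queries = [];
  let skipped = 0;
  for (let t = nextDelaySeconds(rng); t < hoursOn * 3600; t += nextDelaySeconds(rng)) {
    if (!shouldSearch(loadAt(t))) { skipped++; continue; }
    queries.push(buildQuery(pool, rng));
  }
  return { queries, skipped, pool };
}

const day = simulateDay(10, 2008);
console.log(day.queries.length, "hay searches;", day.queries.slice(0, 3));
```

Over a 10-hour day the simulated count lands close to the article's 2,400 figure, and the idle-only rule drops it to zero while the machine is busy.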

If you and I both run Haystack, then the “information” search engines collect from our searches is mostly noise. Perfect. But think what happens if millions of us run Haystack… It does throw a monkey wrench into their lovely data collection machinery, doesn’t it?

Such is the cost of asserting our right to privacy.

So why am I writing this? Simple: I am a hardware hacker. My software abilities are limited to some really tight assembly language code. I am also spending most of my time planning my next big hack into the world of oil consumption, perhaps the subject of a future article.

Although I care a lot about privacy and recognize its defense as a patriotic act, I am not the one to write Haystack.

Are you?

[Postscript: Readers have suggested several good tools that do most of what Haystack is designed to do. Read the comments for all the goodies, but here are two excellent picks: Scroogle (anonymizes Google searches) and TrackMeNot (noise-producing Firefox plug-in).]

###

Posted on: October 8, 2008.


61 comments on “From Tesla Motors to the "Patriot Hack" – Martin Eberhard on Protecting Your Privacy Online”

  1. Hi Tim,

    Thanks for such a great article on Eberhard!

    I also wanted to share with you my good news of recently going from a $40,000, 60 Hour workweek to now working 12 Hours, and completely remotely!

    Bliss! You and your book continue to be an awesome inspiration! Next step: automation!

    Peace,

    Matt


  2. Very interesting read. I appreciate the percentages you gave the different sections…maybe someone should write a wordpress plug-in that does this automatically for blog headings (as long as we’re on the subject of developing plug-ins)!

    It is a little scary how much data is collected on our internet usage. Unfortunately I feel like search engines will find a way around whatever “privacy plug-in” users decide to implement. Those Google folks are very clever.

    I’m personally not too worried about my search terms being logged. Unless the government all of a sudden starts cracking down on fantasy football leagues, local jazz club patronage, and occasional celebrity gossip searches!

    By the way, Tim, I gave you a shout out in my most recent blog post…I cite your blog as the stepping stone that took me into the blog-o-sphere, which before that had been mysterious and scary. So thanks for that!


  3. It doesn’t do everything listed above, but the Firefox plugin TrackMeNot started down this road: http://mrl.nyu.edu/~dhowe/TrackMeNot/

    The problem is that it probably isn’t too hard for Google et al. to tell which searches generated click-thru (real) and which didn’t (fake). Obviously they could then sort that wheat from the chaff pretty easily.


  4. Tim, I can confirm that using an anonymous proxy service abroad works wonders for U.S. based content (Pandora, Hulu, etc.), not to mention that it also keeps your laptop safe while you work from public wifi spots. I’m typing this message from my hotel/home in Viet Nam while listening to Pandora and loving every second of it.


  5. Very well done!

    I would not be too frightened by our government watching what we do just yet. The government is too busy bailing out the financial industry right now to devote any resources to detecting people’s internet motives. Seriously, most large government agencies that hold power are tied up with the bailout package and the monitoring of the companies it is affecting. This includes FBI, CIA, Secret Service, and others that I’m too lazy to think of right now.

    You see, unless they start writing tickets to the people who do participate in, shall we say, activities of little ethicality, very few people will be prosecuted for such activities on the web. Mainly because, there are simply not enough prosecutors out there to handle it. Taking precautions is a good idea, but I wouldn’t stress out unless you are making profits from unethical activity that is web based (very large fines will be involved if you get caught).

    Again, take the precautions, but don’t think that you are being watched that closely.

    John


  6. This is a very interesting idea brought forth from Martin.

    I am actually really interested in designing privacy tools like this and have been involved in a couple already. I would be interested in starting an open source project, but in case someone beats me to it I want to expand on his idea.

    What if the Haystack simply becomes an internal spider. It scours your history of all your websites and follows internal links on those domains. It would mess up analytical software (not really my goal) but it would provide an extra layer of security and protect your privacy better. For example NetVibes would no longer know exactly what I am reading, or which websites I am actually visiting.

    Great job bringing this forward Tim – I enjoyed the video about FISA a while ago. Bummer it still passed.


  7. Yeah, echoing the first commenter, I think the plugin would have to be quite clever to convince the search engine that genuine sessions were running. For example, any searches you manually perform could also be automatically added as individual words to the noise list, creating even more confusion – is the main idea that springs to mind.


  8. Hang on – *are* you in Portland? If so, seriously, come and tango. Next week we have one of the biggest and best tango festivals in North America.

    And that’s the last I’ll say on that, as I’m *way* off-topic and sounding like a stalker.

    I like the idea of Haystack, but I’m inclined to think that the dedicated snoopers will always manage to be a few technical steps ahead of 99% of us. And with things like computer-analysed cctv spreading rapidly in city centres (in the UK, at least, I don’t know about here), and government agencies taking fingerprints at the least opportunity, I think we’re going to struggle to maintain any kind of meaningful right to privacy in the future.

    Dear god, I’m sounding like my friend’s libertarian father, who would seriously like to move to a bunker in Colorado. It’s not that – it’s just that I’m English. We’re not known for our political optimism. :) I would love to be convinced I’m wrong.


  9. Interesting and scary read. I, like many others I know, am aware of the security risks and very open holes in our systems, but lack the drive at times to make the switch in habits (beyond basic, common sense changes). The IronKey looks interesting and Martin is not the first one to recommend it, however what about something for Mac users?
    Tim – I know you own a little silver box… is there a simple, secure method available that works with a Mac like IronKey works with PCs?


  10. Tim, I live in China. Most expats here, and savvy young Chinese, know how to use proxies. Many use the Gladder (“Great Ladder for Great Firewall”) Firefox extension, which works great. Once you have set it up for the websites you use often, you forget the Great Firewall is even there.

    As for the Haystack idea, it already exists – it’s called TrackMeNot. But of course an alternative option is always good.


  11. Hi Tim, there is an interesting speech that Kaiser Kuo, from Ogilvy China, gave at bTWEEN about China netizens and censorship, it’s worth watching :)
    http://just-b.com/btween/sessions/censorship-culture-chinese-netizens

    What is perceived by us as the Great Firewall is more a Net Nanny to the Chinese netizens and they already have a lot of strategies to avoid it.

    Thus, the answer to “How long can the regime control what people are allowed to know, without the people caring enough to object?” is not “On current evidence, for quite a while.” They already objected in their own Chinese way by quietly working around it :)

    My wife is Chinese, and I go to China from time to time, and I am always astonished about the perceived helplessness of Chinese people in Western countries.

    And by the way, to add to the list of anonymity tools: http://www.torproject.org/


  12. Hey Tim,

    It’s true that privacy is a major concern. Things like FICA, DMCA, cameras everywhere I look, scare the crap out of me. It’s impossible to go totally off the grid now.

    However, looking at this from a content provider’s perspective, allowing Google to serve me advertising based on my interests isn’t such a bad thing. On occasion I *do* find ads helpful.

    As someone who strongly advocates using Adwords, what kind of effect do you think it would have on product marketing, and the economy in general, if Haystack were enabled on every PC and search patterns became untraceable?

    I’ll bet that you happily use Google Search, Gmail, and other G products as well. Keep in mind those tools are free only because Google is able to achieve some level of precision matching advertisers to buyers. Haystack would take that away.

    The fact that we don’t have new laws in place to protect the privacy of search data to some degree (legal cases, for example) is appalling. “The Constitution doesn’t protect it” is a ludicrous argument, because there’s no way the Founding Fathers could have predicted this great of an advance in technology. Ironically, the same Supreme Court judges who argue against privacy protection use this same argument (“there’s no way they could have known…”) as a sound argument for all sorts of other infringing legislation (gun control is a recent example).

    The renegade approach described in this article will certainly do a decent job of protecting your own privacy, but if everyone used it we’d be screwed. The author was right…this is indeed a hack, not a long term solution.

    Here’s an interesting thought: what if the hack worked so well that the ad brokers had no choice but to lobby as hard as they could for privacy legislation, so that at least some of their users would feel safe disabling the hack…making search data relevant again?
