Elements of Privacy in a Digital world Experiment #1



The purpose of this experiment is to determine the vulnerability of standard Internet "Identities" that are common to most users.  This includes Facebook identities, gmail identities,  linked-in identities and other common forms of Internet personalities.

Methodology

Multiple digital identities (some actual, some created) will be exposed to the current systems for communications and information storage to test various strategies of privacy enforcement.  The target digital identities will attempt to converse with each other and outside persons and groups using common systems and structures (example Facebook, email, sms texting, etc) using both encrypted or coded messages and systems as well as un-ciphered “plain text” communications.

Test criteria

Identities will each be given a number of secrets to “keep.”  These secrets will include locations, personal details, internet history, and a variety of special information units, such as income, special plans, intentions or upcoming events.

Each identity will attempt to communicate and store their own and some of the secrets of other identities without exposure.  Identities will be considered “exposed” when any one or more of their “secrets” are clearly acted on by an outside individual or group. 

Every attempt will be made to isolate the exact moment and agency of each identity’s exposure to enable the creation of a knowledge bank of exposure methodologies.  Various tools will be employed to track the exact form and content of each identity’s communications so as to assist in the tracking of current information gathering methods and practices.

Each identity will be periodically and randomly stress tested to insure that their secrets are still “private.”

Each identity’s details (name, user ids, personal details, accounts etc and “secrets”) will be stored on USB memory sticks for security.  These USB storage devices will only be connected to a single computer for building and retrieval.  Direct access to this computer will be limited by password, mac address, PeopleSpeak encryption, rotating challenge-response based access security and location and time sensitive acceptance of information.  To prevent inadvertent or purposeful exposure the location of this computer will be unknown to any participant in the study, including any member of GrayResearch.Net.



Details of criteria

  • Identities - available at close of study
  • Secrets - available at close of study
  • Tracking tools - available at close of study
  • Stress testing methodology - available at close of study
  • Id and secret storage computer security system - a “plug computer” system, linux based, secreted in an unknown location. 
  • Password - a series of random characters or a phrase of sufficient length
  • MAC address - the inquiring machine’s LAN or WiFi adapter’s address
  • PeopleSpeak encryption - 1024 bit multilayered proprietary encoding developed by GrayResearch.net
  • Rotating challenge/response - a series of questions and answers only known to the authorized inquiry agent
  • Location and time sensitive acceptance of information - the storage computer will only accept communications from certain locations at certain pre-arranged times.


Notes for Experiment #1