Posts Tagged ‘privacy’

More privacy for you.

Monday, November 16th, 2009

For more than seven years I have used Sitemeter to see and analyze the traffic to my website. The service was originally recommended to me by Jörg Kantel, but in recent years I grew more and more disenchanted by Sitemeter – they teamed up with different advertising partners, made their JavaScript more complex, and there is also the ongoing privacy related discussion. In addition, because it could only count those visits that actually accessed the JavaScript code that is embedded into a HTML page, Sitemeter did not count those who would not activate the script. So the count missed out on those who block JavaScript and it also never counted access to the PDF, audio and video files that I host here.
In spite of all of these disadvantages, there was no real alternative for me, since Google Analytics is even worse when it comes to data collection, and since I did not have access to the webserver logs. All of this changed a few months ago when zedat, FU’s IT unit made it possible to access the weblogs for the userpage that they host. Since that change, I have now and then experimented with this feature, and with the help of the nice staff at zedat, I was able to set up a working solution using cron jobs and Visitors. Although Visitors is somewhat dated and not as feature-rich as I would like, it is good enough to finally get rid of Sitemeter. (And installing/using it does not require a lot of technical skills.)
So beginning today, accessing my website will: 1. better preserve your privacy and 2. be faster, since my pages are now completely JavaScript free and since your browser won’t have to access several different domains to load a single page. Win-win situation for you and me!
Sitemeter’s final count for this site was: 128,247 Visits and 193,571 Page Views.

Von wegen billig einkaufen.

Wednesday, March 26th, 2008

Eigentlich habe ich mich ja schon auf das Einkaufen im Tiefpreisparadis Berlin gefreut. Aber bei Meldungen wie dieser: Datenschutzverletzungen: Lidl fällt als Wiederholungstäter auf fällt mir eigentlich nichts anderes mehr ein, als das Einkaufen bei Lidl dauerhaft zu boykottieren. Ich habe das auch schon in der Vergangenheit versucht, aber die Tatsache, dass die Lidl Filiale einfach direkt um die Ecke ist und dass die Waren dort billiger sind, haben mich doch immer wieder dort hinein gebracht. Schluss damit! Es kann nicht sein, dass man versuchen muss, solche unglaublichen Praktiken durch Verbraucherverhalten zu sanktionieren. Soweit darf es nicht kommen – insbesondere wenn die Vielen, die nur sehr wenig Geld zum Leben haben, kaum eine Alternative zum so-billig-wie-möglich einkaufen haben.

Befreiungsschlag.

Monday, February 6th, 2006

Puha. Endlich habe ich mich durchgerungen, mein E-Mail Konto mit dem Benutzernamen frers bei web.de aufzulösen. Nachdem ich schon seit einigen Monaten nur noch eine Weiterleitung auf mein gmail / googlemail Konto laufen hatte, habe ich nun das Konto ganz gelöscht. Eine Bürde ist von mir genommen. Ungefähr 80% der Spammails, die ich über meine privaten E-Mail Adressen bekomme, gingen an die web.de Adresse. Dazu kommen dann noch die ständigen, nervigen InformationsWerbe-Mails von web.de – alles in allem: kaum zu ertragen. Das Webinterface ist auch penetrant.
Nun wünsche ich Google viel Vernügen beim indizieren meiner E-Mails… Wer das vermeiden will, kann die E-Mails ja verschlüsseln – entweder mit PGP/GPG (mein Schlüssel ist unten in der Seitenleiste verlinkt) oder mit meinem Thawte E-Mail Zertifikat (findet sich in meinen signierten Mails).

Some things aren’t easy even when they should be.

Saturday, September 11th, 2004

Motivated by an article in the most recent issue of c’t called Absender-Authentifizierung schützt vor Spam I decided to give it a shot and install certificates into Mail.app, the default E-Mail programm for OS X. This was not exactly a trivial issue, but the goal was worth it: being able to digitally sign my e-mail and also use encryption. (I am an avid user of PGP/GPG encryption technology since the late nineties, but I also wanted to check out this alternative, since, sadly, very few people actually use PGP.) First I wanted to use the certificate provided by the German mail provider web.de. Since that did initially not work as intended, I checked an enormously helpful site called macosxhints. There I found quite a few tips that helped me tackle certification, signing, and encrypting issues in Mac OS X. Since I had problems with the web.de certificates I decided to follow the advices on that macosxhints and got myself free personal e-mail certificates from thawte. After a few experiments I finally got the certificates installed: I had to use either Firefox or Mozilla to install the certificates into these browsers and then was able to ex- and import these certificates into the Mac OS X keychain, which is used by Mail, Safari and other Mac OS X native apps. After importing these certificates everything went as expected. For good measure I later installed the root certificates of web.de , the DFN, and several relevant German universities.

Regarding the problems I had with the web.de certificate: I did not install the web.de root certificates when I first tried to use their certificate for signing purposes, which might be the reason why it did not work. Problem is, I was looking for a link to the root certificates in my personal options pages at web.de but did not find anything. They weren’t even mentioned, even though I explicitly looked for them. One more thing regarding web.de: the c’t article gives a link to the web.de TrustCenter, saying that under this link free certificates can be acquired. This is not true anymore. One has to have a web.de account to get a certificate. (The account is free though – but I think the author thought registration for an account wasn’t necessary, otherwise it would probably have been mentioned.)

Fingerprints for all of my keys/certificates can be found at the bottom of the sidebar on this page.

Bluetooth scare.

Saturday, May 15th, 2004

On my way to Darmstadt this Wednesday I had the luck to sit in an ICE2 wagon, which provides power for my PowerBook – usually you only have ‘powerless’ ICE1 wagons going from Berlin via Franfurt to Basel or Zürich. So I had my PowerBook up and running including digital paraphernalia such as my USB bluetooth dongle to connect to my mobile. Well, I was pretty surprised when suddenly a message popped up that a file called “vorsicht.pwi” was sent to my computer via bluetooth! A look into the directory which I have designated to be the receiving directory for bluetooth files revealed that indeed, there was a new file bearing that name. This was the content of the file (there were a lot of non-readable characters in the file too, you can download this and the other file as a zipped archive if you want to check out the exact contents):

 Vorsicht, sie wurden gehackt! Sit auch im Zug!!    B ”   #     O 

A minute or two later I got another message with the same name. This time the content read:

   d d    P   /   =
    S     S    @    
    F    E *  !   A *   E L     +
 Vorsicht, sie wurden gehackt! Sitze auch im Zug!! Bitte aufstehen!!!    B +   $
 !      ’
 A !    B ” 

Well, I did not stand up, as the ‘hacker’ requested, instead unplugging the bluetooth dongle and then checking my bluetooth settings. So far I had both not changed the default settings which turn on visibility for my bluetooth port and which disable encryption for bluetooth connections. I then used my mobile (a SonyEricsson T68i) to look for other visible bluetooth devices in the train compartment, and subsequently discovered a device with the name “Nokia6610” (not sure if the model number was this or something else). I didn’t do anything related to the Nokia though and later decided to turn on my bluetooth connection again, this time with visibility turned off and encryption turned on. No more detectable hassles for the rest of the trip. Strange nonetheless. I guess this person did at maximum have access to the directory which I have designated as being accessible for bluetooth devices. Seemed to be more a joke to scare people off (and correctly point to the weaknesses of unprotected bluetooth connections). However, Heise has posted an article on bluetooth device security problems on the same day that I was ‘hacked’ – nice coincidence.