Shallow Thoughts : : Mar

Akkana's Musings on Open Source Computing, Science, and Nature.

Thu, 27 Mar 2014

Email is not private

Microsoft is in trouble this week -- someone discovered Microsoft read a user's Hotmail email as part of an internal leak investigation (more info here: Microsoft frisked blogger's Hotmail inbox, IM chat to hunt Windows 8 leaker, court told). And that led The Verge to publish the alarming news that it's not just Microsoft -- any company that handles your mail can also look at the contents: "Free email also means someone else is hosting it; they own the servers, and there's no legal or technical safeguard to keep them from looking at what's inside."

Well, yeah. That's true of any email system -- not just free webmail like Hotmail or Gmail. I was lucky enough to learn that lesson early.

I was a high school student in the midst of college application angst. The physics department at the local university had generously given me an account on their Unix PDP-11 since I'd taken a few physics classes there.

I had just sent off some sort of long, angst-y email message to a friend at another local college, laying my soul bare, worrying about my college applications and life choices and who I was going to be for the rest of my life. You know, all that important earth-shattering stuff you worry about when you're that age, when you're sure that any wrong choice will ruin the whole rest of your life forever.

And then, fiddling around on the Unix system after sending my angsty mail, I had some sort of technical question, something I couldn't figure out from the man pages, and I sent off a quick question to the same college friend.

A couple of minutes later, I had new mail. From root. (For non-Unix users, root is the account of the system administrator: the person in charge of running the computer.) The mail read:

Just ask root. He knows all!
followed by a clear, concise answer to my technical question.

Great! ... except I hadn't asked root. I had asked my friend at a college across town.

When I got the email from root, it shook me up. His response to the short technical question was just what I needed ... but if he'd read my question, did it mean he'd also read the long soul-baring message I'd sent just minutes earlier? Was he the sort of snoop who spent his time reading all the mail passing through the system? I wouldn't have thought so, but ...

I didn't ask; I wasn't sure I wanted to know. Lesson learned. Email isn't private. Root (or maybe anyone else with enough knowledge) can read your email.

Maybe five years later, I was a systems administrator on a Sun network, and I found out what must have happened. Turns out, when you're a sysadmin, sometimes you see things like that without intending to. Something goes wrong with the email system, and you're trying to fix it, and there's a spool directory full of files with randomized names, and you're checking on which ones are old and which are recent, and what has and hasn't gotten sent ... and some of those files have content that includes the bodies of email messages. And sometimes you see part of what's in them. You're not trying to snoop. You don't sit there and read the full content of what your users are emailing. (For one thing, you don't have time, since typically this happens when you're madly trying to fix a critical email problem.) But sometimes you do see snippets, even if you're not trying to. I suspect that's probably what happened when "root" replied to my message.

And, of course, a snoopy and unethical system administrator who really wanted to invade his users' privacy could easily read everything passing through the system. I doubt that happened on the college system where I had an account, and I certainly didn't do it when I was a sysadmin. But it could happen.

The lesson is that email, if you don't encrypt it, isn't private. Think of email as being like a postcard. You don't expect Post Office employees to read what's written on the postcard -- generally they have better things to do -- but there are dozens of people who handle your postcard as it gets delivered who could read it if they wanted to.

As the Verge article says, "Peeking into your clients' inbox is bad form, but it's perfectly legal."

Of course, none of this excuses Microsoft's deliberately reading Hotmail mailboxes. It is bad form, and amid the outcry Microsoft has changed its Hotmail snooping policies somewhat, saying they'll only snoop deliberately in certain cases).

But the lesson for users is: if you're writing anything private, anything you don't want other people to read ... don't put it on a postcard. Or in unencrypted email.

Tags: , ,
[ 14:59 Mar 27, 2014    More tech/email | permalink to this entry | comments ]

Fri, 21 Mar 2014

Flicker Morning

[Northern Flicker on our deck] "There's a woodpecker sitting on the patio", Dave said, shortly after we'd both gotten up. He pointed down through the gap where you can see the patio from upstairs. "It's just sitting there. You can go down and look through the door; it doesn't seem to mind."

Sure enough, a female northern flicker was sitting on the concrete patio deck, immobile except for her constantly blinking eyes and occasionally swiveling head. Definitely not a place you'd normally expect to see a woodpecker.

Some twenty minutes earlier, I remembered, I'd heard a couple of thumps on the roof outside the bedroom, and seen the shadow of wings through the drawn shades. I've heard of birds flying into windows and getting stunned, but why would one fly into a roof? A mystery, but I was sure the flicker's presence was related to the thumps I'd heard.

I kept an eye out while I made coffee and puttered around with normal morning chores. She wasn't budging from that spot, though she looked relatively alert, keeping her eyes open even while sitting immobile.

I called around. (We still don't have internet to the house -- Comcast keeps giving us the runaround about when they'll dig their trench, and I'm not entirely convinced they've even applied for the permit they said they'd applied for three weeks ago. Maybe we need to look into Dish.) The Santa Fe raptor center had a recorded message suggesting that injured birds be put in a cool dark box as a first treatment for shock. The Española Wildlife Center said if I thought she was injured and could catch her, they could take her in.

I did suspect she was injured -- by now she'd been there for 45 minutes or more, without moving -- but I decided to give her some time to recover before going for a capture. Maybe she was just in shock and needed time to gather herself before trying to fly. I went on with my morning chores while keeping an eye out for coyotes and ravens.

For two hours she remained there. The sun came out from behind the clouds and I wondered if I should give her some shade, food or water, but decided to wait a while. Then, as I was going back to the bird book to verify what kind of flicker she was and what gender, she suddenly perked up. Swiveling her head around and looking much more alert than before, she raised herself a little and took a few steps, to one side and then the other. More head swiveling. Then suddenly, as I was reaching for my camera again, she spread her wings and flew off. A little heavily and stiffly, but both wings looked okay.

So our morning's flicker adventure has a happy ending.

Tags: ,
[ 11:46 Mar 21, 2014    More nature/birds | permalink to this entry | comments ]

Syndicated on:
LinuxChix Live
Ubuntu Women
Women in Free Software
Graphics Planet
DevChix
Ubuntu California
Planet Openbox
Devchix
Planet LCA2009

Friends' Blogs:
Morris "Mojo" Jones
Jane Houston Jones
Dan Heller
Long Live the Village Green
Ups & Downs
DailyBBG

Other Blogs of Interest:
DevChix
Scott Adams
Dave Barry
BoingBoing

Powered by PyBlosxom.