Misunderstanding Computers

Why do we insist on seeing the computer as a magic box for controlling other people?
Why do we want so much to control others when we won't control ourselves?

Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.
コンピュータの記憶というものはただ改良した紙ですし、CPU 何て特長ある筆に特殊の消しゴムがついたものにすぎないし、ネットワークそのものは裏庭の塀が少し拡大されたものぐらいです。

(original post/元の投稿 -- defining computers site/コンピュータを定義しようのサイト)

Saturday, October 24, 2015

Why Personal Information in E-Mail Is Not a Good Idea

Postcards are fun. You can use them to keep in contact with people without having to think too hard.

I never got in that habit, and I don't tweet for pretty much the same reasons.

But they are useful to many people.

But you would never write a password or your social security number or your bank account number on one, would you?

Hey, Margot, this is the cliff I dove off today! Acapulco is GREAT! We're extending a week. Wish you were here!
And, hey, my PIN for the account at ABC Bank there in Brownfield is 7734. Can you pull out a hundred and go to the kennel for me and make sure Snickers is being well taken care of? I'd really appreciate it!

Love you loads, George.

The cat's name in the above may or may not be bad to put on a postcard, depending on whether George is using it as one of those things bits of information banks and such ask you for, to help identify you in the case of a lost password.

(And you really wouldn't use Snickers as a plain password, now, would you? Whether 7734 is a good PIN or not, well, I wouldn't use it. Banks really should quit using PINs at ATMs. Anyway.)

Now, you might put that in a letter, in an envelope. I wouldn't recommend it, but you might.

You want a fairly thick envelope if you do, to help in case someone holds your letter up to a light to read through the envelope.

And you want to fold the paper so that the sensitive information, the PIN the town name, and the bank name, are covered by as many layers as possible.

Don't make the envelope too thick, that might tempt someone to steam it open.

And write more, so that the sensitive information doesn't stick out so much. Rephrase things a little. Tell Margot about the markets you visited:
Hey, Margot, you like this postcard? This is the cliff I dove off today! Got a selfie, but the internet connection is terrible at the hotel. Still, you may get the selfie in e-mail before you get this.

Acapulco is GREAT! Fantastic markets. Good bargaining, although I'm sure we're being too nice and still paying too much.

We're having so much fun, we're extending a week.
Got a favor to ask, and I'll bet you can guess. In fact, you're probably calling me irresponsible for extending with the cat in the kennel and all.

You know where I bank? Yeah, that ABC. I'd really appreciate it if you could get some money out for me and go check up on Snickers for me. A hundred should cover the extra time and treat for him. Give him a hug for me, huh? 7734 is the number to use at the you-know-where. (I know, it's one of my stupid calculator trick numbers and anyone who knows me could guess it quickly enough if they were trying to get into my bank account.) Maybe you should change it for me while you're getting the money out.

We found this cool leather purse that we know you'll love. The motiffs look Toltec to me, but, hey, you don't have to tell anyone where I bought it, you think?

We should still make it back in time for the big soccer game.

Love you loads, and give our love to Fred and the kids.

If you fold that correctly in three, there can be a layer of (mostly) non-sensitive information over both front and back of the layer with sensitive information. And the postcard can add another layer. Look at how you're folding things and putting them in the envelope.

If someone knows the information is there, it's no longer secret. But you can avoid people who don't know it's there noticing it and deciding that this letter is the one they want to steam open.

The best thing, of course, is to arrange this with Margot and the kennel before you go, so that you could just tell her, on the postcard:
Hey, Margot, this is the cliff I dove off today! Acapulco is GREAT! We're extending a week. 
Sure appreciate you looking after Snickers for us. Could you give the poor fellow a hug and my apology for leaving him there another week when you go take care of things at the kennel? 
Love you loads, George.
And if you do need to mention the bank and paying the kennel, put it in an envelope.

So, what does this have to do with e-mail?

E-mail is a lot like postcards. There is a digital "envelope", but it doesn't really cover anything. Even though they call it an envelope, it's just a few more lines of data, and anyone who can read the envelope can read what you write in the e-mail.

Who does that anyone include?

Well, system admins, the NSA, interns at your provider who have been asked to check something on the mail server, etc. Random people at your office, or roommates, etc., who have discovered certain commonly used tools like tcpdump.

Depending on the way your provider sets things up, if your neighbor is on the same provider and is experimenting with his network interface card, she may be able to put it in a mode that lets it see all the data that passes through your modem.

Encryption is one solution. But you don't know how to do that.

That's one of the reasons why, when Microsoft decided to jump on the internet and make it a bandwagon before we really had proper standard methods for encrypting and decrypting e-mail, they were behaving really irresponsibly. (Criminal negligence, in my opinion, but apparently I don't count. And now we are all criminally negligent for not fixing things.)

Now, say you are stuck. You didn't plan ahead. And you need to put your bank information in on postcards. What can you do to make things a little safer?

Five different postcards. First:
August 10th, am. Hey, Margo, look at the cliff I'm diving from here! I dove off it four times. Keep this postcard. I want it when I get back. Poor Snickers is going to miss us. Can you call the kennel and ask them to give us extra time? Luvya, George.
August 10th, pm. Margo, Just had to send you this postcard of the market here, too. Found you a nice leather purse at the fourth shop on the right, there. You'll love it! Don't lose this card, either, okay? Hugs and kisses, George
August 11th, am. Hi again, Margo! Great lunch at this cantina. Seven guitarists. Unbelievable music. Make sure you keep this card, too, okay? your little brother, George
August 11th, pm. Margo, do you see this bank? The seventh building on the left on this street. Doesn't it remind you of the ABC bank back home? I think I've been getting too much sun, but keep this card, too, okay? George.

August 12th. Margo, lovely blue ocean, don't you think? Snickers would love the beach, if not the water. Speaking of the kennel, they need money. You need a number to get it. I'm looking backwards at it in time at the postcards I just sent you. love you loads. George.
Too obscure?

Well, look how we did this. The fact that a PIN was being sent in reverse order was saved until the last. (Okay, there was a number other than the date in each, see? And the PIN is reversed, just to make it more of a puzzle.) That way, someone at the post office in Acapulco would be much less likely to copy those numbers down.


  • Besides the obscurity? 
  • And the possibility that all five postcards end up in Margo's mailbox on the same day? 
  • Or the possibility that she just shook her head and said, "crazy little brother." and threw them all away?
  • Or that the words "save this postcard" induced someone at the NSA to take note and keep copies?
  • etc.
So, make arrangements in advance, in person, not through the mail.

E-mail has a further disadvantage, in that each server on the path from George to Margo has to make a copy to have a copy to send on. Some servers keep those cached copies around for a week. If that intern finds the messages, it's not going to be hard for him to put them together.

Never send a bank password or PIN through e-mail. Maybe no one will see it, but it's not worth the chance.

Well, if you do have to do something like that, have Margo change the PIN as soon as she's used it. (But that could be a race, to get it changed before someone can use it to steal from you.)

Of course, the bank has strictly warned you not to tell Margo your PIN, anyway. If you do and she robs you blind, it's not the bank's fault.

What if you have to send a bank account number through e-mail? Surely that's not as dangerous as a PIN?

Well, the bad guys can't use one without the other, sure. But having either one is half-way there. It's a lot closer than having neither. It's a lot safer for them to have neither.

How often can you change your bank account number?

So, make sure this kind of information never gets on the internet, by giving it to the other person directly, face-to-face. Or use properly e-mail encryption software, like PGP or gnupg.

With that warning, I'll suggest an approach that will reduce the risks somewhat.

First, tell Margo to read this blog post.

Then, split the account number into five or more parts. Say the account number is

Branch: 1723; account: 12340987

make it

17 23 123 40 987

(Note: 40, not 09.)

Multiply each part by a different number, say, 9, 3, 7, 5, 2
  • 17 * 9 = 153
  • 23 * 3 = 69
  • 123 * 7 = 861
  • 40 * 5 = 200
  • 987 * 2 = 1974

Send Margo seven messages like this:
  • I'm going to send you those sample English sentences now.
  • My father is sixty-nine years old.
  • I live at 153 Downing Street.
  • I must remind myself of the year 1974.
  • That two hundred pound bear is mine.
  • Send me 861 grams of chocolate.
  • What do you think of those samples?
She sends you a message like this:
Well, those aren't bad sentences. I got five of them. I need more.
And you send her the next set of sentences, again, in five different messages:
  • Okay, I think I found some more.
  • There are seven heavens for me.
  • I have nine lives.
  • My bonnie is three oceans away.
  • Sing mine five times, please.
  • I give myself two stars.
  • Will those do?
And she sends you a reply that she got them all.

Now, Margo knows you teach pronouns to your students in the order
I, my, me, mine, myself.
So she arranges those in the correct order:
  • I live at 153 Downing Street.
  • My father is sixty-nine years old.
  • Send me 861 grams of chocolate.
  • That two hundred pound bear is mine.
  • I must remind myself of the year 1974.
  • I have nine lives.
  • My bonnie is three oceans away.
  • There are seven heavens for me.
  • Sing mine five times, please.
  • I give myself two stars.
and she divides the first set by the second, to give the account number and branch number, all in one clot:
And, since 17 and 23 were together, she guesses that the branch number is 1723.

Now you need to tell her the name of the bank.
I drive our Mitsubishi Galant to USJ last week.
If she understands, she replies
That's a long way to drive.
If she doesn't understand, she replies,
Where's USJ?
And you try again. Or you just punt and say something a bit easier from the outset, like
Oh, I like Mitsubishi UFJ for banking, how about you?

Now your bank's branch name is Senri Central, so you send a message something like
Hey, when was the last time you took a trip to Senri Central Station? There's a nice park near there.
to which she replies something like
Huh? I don't recall seeing a park there.
if she can't understand the branch name, or
Oh, yeah, that's a nice park.
if she recognizes a branch name from that and finds the branch name and number on the bank's website.

Now, there's one little bit of information left, the account name. That has to be verbatim, so she just asks you how to spell your name, and you copy the account name from your passbook into your reply.

Cloak and dagger stuff. Takes a long time, huh? And it still leaves a trail the NSA or any other bunch of spooks that can afford to monitor you can follow and probably work out for themselves.


At minimum, if you have to send your account number through e-mail, send it in three or four separate messages, spaced somewhat apart in time, out of order.

And send the message that says what they are and gives the order in yet another message, afterwards, to make someone interested in the number have to look for it.

And, of course, never send your PIN through the e-mail.

No comments:

Post a Comment