I recently attempted to make an anonymous donation online. It was a bit of a pain, here's how it worked for me.
1. Purchased a Walmart gift card in cash at the store ($50, $4 purchase fee).
2. Registered card on Walmart website. I tried to use Tor, but got blocked at the Captcha test -- for some reason Tor is often incompatible with Captcha. I ended up registering with Firefox -- after the fact, it occurred to me that I may have been able to route my Firefox traffic through Tor. I used the store's address as my "billing address". Even though Walmart claimed that the card was activated immediately, it took a few hours before their website recognized it as an active card.
3. Created an account on Patreon (the recipient was using Patreon). I used a pseudonymous email address for this -- I expect this email could be tracked back to me with a little effort, but I don't expect anyone would expend that effort. I'm only slightly concerned at repercussions from this donation -- not due to current laws, but due to a growing disregard for free speech, such as with the anti-BDS laws. I was able to create the account using Tor (but not on the first attempt for some reason).
4. Paid Patreon using the gift card. For some reason the Patreon website did not allow me to enter the card's number using Tor, so I switched over to Firefox. Now that I've set up the payment, I'm switching to contacting Patreon with Tor.
5. Potential problem: The gift card is not supposed to be used for recurring payments. I set up a small monthly donation. We'll see if it gets rejected next month. It would be nice if I could transfer all the money to Patreon or another intermediary, and then pay it out a bit at a time, but I don't know if that's possible. I see that Patreon accepts PayPal as a payment source, and I think they let you keep an account. So maybe that would be the way to do it.
End result: Not very effective. Probably not worth the time (except as a exercise).
1. Patreon knows who I donated to, and they have my IP address and my pseudonymous email -- and my Walmart gift card.
2. Walmart has my IP address and knows where I bought the gift card.
3. The recipient has my pseudonymous email.
I'm most concerned with Patreon as a weak point -- I can imagine an antagonistic entity forcing them to release their payment records, and then opening a file on everyone who has donated to targeted organizations. But even in that case, they would have to do some extra work to figure out who I am (though maybe contacting my ISP would be enough).
(this post was composed through Tor browser)
Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Sunday, January 05, 2020
Saturday, April 23, 2011
UniLeaks: wikileaks for education
I just came across a new website called UniLeaks, which solicits...
In part, this is because I can't imagine that they would find particularly interesting documents that are distinctive of universities. The most likely "dirt" will relate to fund-raising, resource allocation, and employee relations -- just like with any large institution. My fear is that these people will be digging for documents like the stolen* emails at the center of Climategate, which they can then pass to the right-wing noise machine for selective quoting.
As I suggested in Privacy and Transparency at the University, this strategy seems to be increasingly common among some political factions. Michael Mann suffered legal harassment as a result of the Climategate brouhaha, and Frances Fox Piven was singled out and demonized by Glenn Beck at the height of his popularity. This may be a strategy of attacking soft targets -- mid-level public figures who will never wield political power and do not have a mass-audience.
With that being said, I am cautiously optimistic about the establishment of UniLeaks. I am deeply interested in maintaining transparency and accountability (but also political independence) among universities. I am also hopeful that the proliferation of Wikileaks-style organizations will help to move these whistle-blower systems into the political mainstream, and reduce the risk of retaliation.
Update: I found an article about UniLeaks in the Chronicle of Higher Education. The rhetoric used by the (Australian) administrator of the site seems to be a mixture of academia-idealist (e.g. students are not clients), and government-accountability (e.g. universities get a lot of state money). Also, some articles noted that this is just one of many specialized WikiLeaks clones.
*I say that these emails were stolen rather than leaked, because a leak requires that someone had legitimate access to the documents being leaked. Since no-one should have had access to the email database at the center of Climategate, that data must have been stolen.
restricted or censored material of political, ethical, diplomatic or historical significance which is in some way connected to higher education, an agency or government body working in partnership with an institution, e.g., a University.As yet, I do not see the point in creating a system targeted at particular institutions. Maybe this is a way to attract specialists who would be interested in these documents. However, my first suspicion is that this is the work of anti-intellectuals who are digging for any possible dirt on academia.
In part, this is because I can't imagine that they would find particularly interesting documents that are distinctive of universities. The most likely "dirt" will relate to fund-raising, resource allocation, and employee relations -- just like with any large institution. My fear is that these people will be digging for documents like the stolen* emails at the center of Climategate, which they can then pass to the right-wing noise machine for selective quoting.
As I suggested in Privacy and Transparency at the University, this strategy seems to be increasingly common among some political factions. Michael Mann suffered legal harassment as a result of the Climategate brouhaha, and Frances Fox Piven was singled out and demonized by Glenn Beck at the height of his popularity. This may be a strategy of attacking soft targets -- mid-level public figures who will never wield political power and do not have a mass-audience.
With that being said, I am cautiously optimistic about the establishment of UniLeaks. I am deeply interested in maintaining transparency and accountability (but also political independence) among universities. I am also hopeful that the proliferation of Wikileaks-style organizations will help to move these whistle-blower systems into the political mainstream, and reduce the risk of retaliation.
Update: I found an article about UniLeaks in the Chronicle of Higher Education. The rhetoric used by the (Australian) administrator of the site seems to be a mixture of academia-idealist (e.g. students are not clients), and government-accountability (e.g. universities get a lot of state money). Also, some articles noted that this is just one of many specialized WikiLeaks clones.
*I say that these emails were stolen rather than leaked, because a leak requires that someone had legitimate access to the documents being leaked. Since no-one should have had access to the email database at the center of Climategate, that data must have been stolen.
Sunday, April 03, 2011
Privacy and Transparency at the University
The Mackinac think-tank has filed a broad Freedom of Information Act request for the emails of professors of labor studies at three universities run by the state of Michigan. This appears to be nothing more than political harassment, similar to the harassment of climate researcher Michael Mann by Virginia's Attorney General, Ken Cuccinelli, following the "Climategate" brouhaha. It is specifically to avoid this type of political pressure that we have the notion of "academic freedom", and that universities jealously guard their independence from the state.
The heavy use of the Internet by university professors has clearly opened them up to new forms of encroachment by political actors. Universities should dedicate some serious thought to how they manage their data, so as to keep private communications private, and properly document and release any information that should be made public.
I propose that, by default, all internal communications of university staff and students should be considered private, and should be handled in a way that maintains confidentiality. To accomplish this, university IT departments should develop encryption standards for individual email accounts and encourage their universal adoption. This is not a terribly difficult technical issue, as strong encryption systems have already been developed and deployed, such as Pretty Good Privacy. One of the big hurdles to adopting PGP encryption is to establish a network of users with trusted encryption keys; universities are in a perfect position to accomplish this.
This idea of secure communication within universities probably scares a number of people -- I've repeatedly heard mumblings about universities being sinister, oppressive forces in society (for example, view the first comment on this blog post at Bleeding Heart Libertarians). You don't have to be an anti-intellectual conspiracy theorist to insist that universities develop a high level of transparency. Universities provide some important public services where the quality of the final product (e.g. research results, student certification) cannot be easily evaluated without knowledge of the process by which it was produced. To maintain public trust, universities should develop a process that provides relevant information to anyone with a legitimate interest.
Documents relating to student evaluation should be available, both to administrators and to each student or their representative. If encrypted emails are among these documents, the student should keep a copy, and perhaps the university could keep a copy of the student's encrypted emails (at least, any from a professor), which could be recovered if the student provides his decryption key. One nice side-effect of widespread encryption would be widespread signing of electronic documents (using the same key), so that if a document is deemed relevant to an accusation, its authenticity can be easily validated.
Finally, we have the raw data that goes into research publications. The issues here are complicated, and many extend beyond individual universities. For instance, data accessibility has been a major source of contention in climate research, but much of the raw data is treated as a commercial asset by non-academic institutions, so there is little that universities can do. Additionally, scientists will always hesitate to release data until they have had a chance to analyze it themselves. Each field of research probably has to develop its own process for making raw data accessible. For instance, biologists have developed a massive database of DNA sequences (Genbank), and all major journals require that any sequence discussed in a publication be submitted to the database. There is currently a push to mandate the publication of the source code for any program used in an analysis. There has even been some frivolous dispute over accessibility to the raw data from traditional microbiological techniques (which is rarely digitized).*
The complete archiving of research data is an unreachable ideal, though it may become more common with the increasing automation of data collection. Every innovation in data collection and data storage will require researchers to develop new systems for archiving data, possibly leading to the loss of older data archived with obsolete systems. University IT departments (and perhaps librarian/archivists) may be able to provide resources that enable researchers to record their data in an accessible form, but ultimately the focus and extent of archiving and distribution will be determined by the value of the data to other researchers, not curious laymen.
*Addition: There are also experiments relating to transparency in the peer-review process.
The heavy use of the Internet by university professors has clearly opened them up to new forms of encroachment by political actors. Universities should dedicate some serious thought to how they manage their data, so as to keep private communications private, and properly document and release any information that should be made public.
I propose that, by default, all internal communications of university staff and students should be considered private, and should be handled in a way that maintains confidentiality. To accomplish this, university IT departments should develop encryption standards for individual email accounts and encourage their universal adoption. This is not a terribly difficult technical issue, as strong encryption systems have already been developed and deployed, such as Pretty Good Privacy. One of the big hurdles to adopting PGP encryption is to establish a network of users with trusted encryption keys; universities are in a perfect position to accomplish this.
This idea of secure communication within universities probably scares a number of people -- I've repeatedly heard mumblings about universities being sinister, oppressive forces in society (for example, view the first comment on this blog post at Bleeding Heart Libertarians). You don't have to be an anti-intellectual conspiracy theorist to insist that universities develop a high level of transparency. Universities provide some important public services where the quality of the final product (e.g. research results, student certification) cannot be easily evaluated without knowledge of the process by which it was produced. To maintain public trust, universities should develop a process that provides relevant information to anyone with a legitimate interest.
Documents relating to student evaluation should be available, both to administrators and to each student or their representative. If encrypted emails are among these documents, the student should keep a copy, and perhaps the university could keep a copy of the student's encrypted emails (at least, any from a professor), which could be recovered if the student provides his decryption key. One nice side-effect of widespread encryption would be widespread signing of electronic documents (using the same key), so that if a document is deemed relevant to an accusation, its authenticity can be easily validated.
Finally, we have the raw data that goes into research publications. The issues here are complicated, and many extend beyond individual universities. For instance, data accessibility has been a major source of contention in climate research, but much of the raw data is treated as a commercial asset by non-academic institutions, so there is little that universities can do. Additionally, scientists will always hesitate to release data until they have had a chance to analyze it themselves. Each field of research probably has to develop its own process for making raw data accessible. For instance, biologists have developed a massive database of DNA sequences (Genbank), and all major journals require that any sequence discussed in a publication be submitted to the database. There is currently a push to mandate the publication of the source code for any program used in an analysis. There has even been some frivolous dispute over accessibility to the raw data from traditional microbiological techniques (which is rarely digitized).*
The complete archiving of research data is an unreachable ideal, though it may become more common with the increasing automation of data collection. Every innovation in data collection and data storage will require researchers to develop new systems for archiving data, possibly leading to the loss of older data archived with obsolete systems. University IT departments (and perhaps librarian/archivists) may be able to provide resources that enable researchers to record their data in an accessible form, but ultimately the focus and extent of archiving and distribution will be determined by the value of the data to other researchers, not curious laymen.
*Addition: There are also experiments relating to transparency in the peer-review process.
Subscribe to:
Posts (Atom)