• How to Do an Online Background Check for Free

    Well, basically this title attracted my attention: How to Do an Online Background Check for Free. I had to try it on myself. So I started, following the sites and suggestions in the article:

    I clicked on the first link and landed on 9 Sites That Find People and Their 'Sensitive' Information – cool. Let’s try them:

    • Whitepages.com: No records on me (well, I do not live in the US…)
    • Peoplefinders: No success (well, I do not live in the US…)
    • FriendFeed: That has to be successful. It searches Twitter and Facebook – I am there. The search finds all my Twitter posts and all the references. Wow, that’s cool. I guess Twitter would have achieved the same directly…
    • iSearch then, maybe they are the right ones as they claim to be the world's leading People Search Engine: Five hits. One shows my Facebook and Blog profile picture (very impressive as a result) and the rest is simply useless (as it just shows a link) or wrong (my title is completely wrong, I never even had that one; my address is wrong, there is a typo in the right title…) but what they at least figured out was my gender: Roger Halbheer - Gender: Male – impressive and even correct!
    • Facebook: Well, that was easy. That’s where I would start first (besides Bing and Twitter and LinkedIn and Xing).

    So, I went back to the initial article and am trying my luck there as they have a few good links:

    • OpenBook.org: They claim to search Facebook and the like – no results for me…

    And then I started to skip the rest.

    It was kind of interesting to see: Probably if you live in the US, the amount of public information available on the web is huge. If you are living in Europe, it immediately becomes much harder as we handle privacy differently. That you can get access to an address – if you decide to make your phone number public, which you do not have to – is kind of obvious (well, why? If you are looking for a phone number you do not need the address…) but criminal records? Come on…

    If you look me up on Bing, you get something around 2300 entries, which is obvious as I blog, I speak at public events, I use Twitter etc. but the whole rest is at least partly hidden. I try hard as well that there are no public pictures of my kids on the web… That’s not necessary.

    Anyway, that was an interesting experience to me.

    Roger

  • Cybercrime: A Recession-Proof Growth Industry

    That’s obvious as people probably tend to want to trust more, the worse their situation is. Nevertheless it is even more disgusting going after the desperate!

    Cybercrime: A Recession-Proof Growth Industry

    Roger

  • Infrastructure Planning and Design Guide for Malware Response

    A new version of this guide went live – I think it is something you should look at. There is a methodology and a process in detail:

    So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx

    Roger

  • Phone Security: Lose your Passwords on iPhone in a few minutes

    Jailbreaking is probably one of the biggest problems on phones – mainly because it allows easy access to your secrets. Fraunhofer Institute in Germany showed just that:

    Therefore, do not think that your iPhone is secure. Make sure you at least remote wipe the phone when you lose it…

    Roger

  • Fighting Crime and Protecting Privacy–a Contradiction?

    I was reading an article today called Does Your ISP Care About Protecting Your Privacy?. An interesting question. The ISPs in the article are even thinking of VPNing all the traffic to avoid the necessity for keeping the logs (or probably better, NATing the whole network). So it seems that the ISPs in this article are trying to do their best to protect your privacy.

    Isn’t that great? Well, not really, as there is a second aspect to this: I was recently talking to Michel van Eeten from the Delft University of Technology in the Netherlands. Together with some other academics, he did a study for the OECD called The Role of Internet Service Providers in Botnet Mitigation (based on spam data), which came to the conclusion that there are ISPs which do a good job and others which do not. If you look at this graph you will see that if we could reduce the spam from the top 50 ISPs (the worst ones) we would get rid of almost 50% of the spam worldwide:

    Additionally they found out that over the years (2006-2009) at least half of the ISPs (when it comes to the number of infected machines per subscriber) remained the same in the Top 50.

    So, it seems that the ISPs stick to their practices – good or bad.

    Which leads me back to my initial question: What do we want? If an ISP encrypted the traffic to protect our privacy completely, it would not be possible to find the bots and help the consumer to clean up. If we want them to completely address the problem, they would most probably have to do at least a certain level of traffic inspection. So, what do we want? How far are we willing to give up a certain level of privacy to allow law enforcement to go after the bad guys?

    I think we should come to the point, where we get a more balanced view on such issues. The biggest challenge, however, will be that the answer to the question will be different from culture to culture but the problem is global. So, we kind of need a culture-agnostic answer/solution, which will be very hard to achieve.

    Oh, I think I owe you one thing. Based on the study there were a few simple things, which the best ISPs do. I quote the findings of the study:

    That ISPs (as opposed to other types of players, such as hosting providers or corporations operating a network with its ASN) play a central role in botnet activity was already discussed, as was the great variability among ISPs. In addition to these findings, our data indicate the following (see Asghari 2010 for a more detailed discussion):

    • There is a widely held belief that larger ISPs show worse security performance, as they face much less peer pressure. For instance, Moore, Clayton, and Anderson (2009) state that “...very large ISPs are effectively exempt from peer pressure as others cannot afford to cut them off. Much of the world’s bad traffic comes from the networks of these ‘too big to block’ providers.” In contrast to this belief, our dataset indicates that, while larger ISPs emit more spam in absolute numbers, relative to size their performance is on average slightly better than that of smaller ISPs.
    • Another claim is that lower average revenue per user (ARPU) is a sign of higher financial pressure that might result in less attention to security. Our data suggests that ARPU and relative security performance are unrelated.
    • Given differences in networking technology and user base, one might hypothesise that cable service providers can enhance their security performance easier than DSL providers. Our data indicates an 8 % lower incidence of unique sources for cable companies. The volume of spam, however, is similar for both types of providers. This might reflect that cable subscriptions have higher average bandwidths than DSL subscriptions, that cable providers use more Network Address Translation technology, or that they more often block port 25.
    • Bivariate analysis indicates that ISPs in countries that have joined the London Action Plan (LAP) have, on average, fewer bot infections. Likewise, operating in a country that has signed the Council of Europe’s Convention on Cybercrime is negatively correlated with botnet infections. Neither of these initiatives targets botnets directly. However, one could argue that membership of LAP is a proxy for the activity of a country’s regulatory entities in the area of cybersecurity, whereas membership of the Convention on Cybercrime is a proxy for the activity of law enforcement institutions in a country. These memberships, we assume, are associated with a broader set of measures undertaken by the governments in those countries. Earlier research by Wang and Kim (2009) provided some evidence in support of this effect, though they presume a somewhat tenuous direct causal link between the Convention and cybercrime incidents, rather than interpreting membership of the Convention as a proxy variable. However, factors correlated with a country’s willingness to sign these agreements could also be at work both for the Convention as well as the LAP.

    Roger