[long, boring rambling ;)] Advice on privacy vs advice on security. (was Re: Stopping people finding out uptime?)

To: debian-firewall@lists.debian.org
Subject: [long, boring rambling ;)] Advice on privacy vs advice on security. (was Re: Stopping people finding out uptime?)
From: Daniel Pittman <daniel@rimspace.net>
Date: Thu, 18 Apr 2002 10:59:03 +1000
Message-id: <[🔎] 873cxtu8iw.fsf_-_@inanna.rimspace.net>
In-reply-to: <[🔎] 1019062547.32036.32.camel@hedefx> (Jeff Norman's message of "17 Apr 2002 12:55:47 -0400")
References: <[🔎] 000001c1e3dc$7d66bd80$8e2798d5@laptop> <[🔎] 87pu11pxtk.fsf@inanna.rimspace.net> <[🔎] 1019062547.32036.32.camel@hedefx>

On 17 Apr 2002, Jeff Norman wrote:
> One more thought to add before this thread dies:

It's a pretty good thought, actually, so thanks for bringing it up.

> It seems this argument is always centered around doing/not-doing
> something because it does/doesn't add to the "true" security of your
> computer.

Yes. At least, for me, it is, by default.

> What's lost in the argument in the notion of privacy.

*nod*  I figure that people can do what they want to protect this and,
if they ask specifically, I will advise them (to the best of my ability)
on the topic.

> Just because somebody knowing my computer's uptime may or may not help
> them compromise it, doesn't mean I want them knowing. As an analogy,
> somebody knowing the colour of my underwear doesn't compromise me in
> any way, but it is definitely private!

Sure. I can see the point and, while I don't think it matters, I can
understand how you may not want the fact known widely.

IIRC, which may be dubious, there is some loss to functionality from
disabling TCP timestamps but, frankly, that's a hazy memory at best. You
probably want to look into the if you do this for "privacy" only,
though.

If the OP had asked about doing this for privacy, not security, I
probably would have ignored the discussion -- at least, until someone
did claim it provided security.

What you do for privacy is up to you. I don't bother with that much of
it, but I know how easy it is to track down information anyway. You may
and, if so, good luck to you.

In the end, though, privacy comes down to your own level of paranoia and
a firewall isn't really relevant to it, most of the time.

Security, on the other hand, is very relevant to people and it's one of
the hardest areas to understand, work with and get right. It's also got
a very high cost in both security and privacy if you get it wrong.

So, when someone suggests something that may provide privacy as being
something that provides security, I tend to jump on it. If they mistake
the two then they will end up with neither. :)

So, my rambling thoughts on the matter.
        Daniel

-- 
All of us are watchers - of television, of time clocks, of traffic on the
freeway - but few are observers. Everyone is looking, not many are seeing. 
        -- Peter M. Leschak 

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: [long, boring rambling ;)] Advice on privacy vs advice on security. (was Re: Stopping people finding out uptime?)
  - From: Jeff Norman <jnorman-list-debian-firewall@fx0.net>

References:
- Stopping people finding out uptime?
  - From: "Charlie Grosvenor" <charlie@cgrosvenor.co.uk>
- Re: Stopping people finding out uptime?
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Stopping people finding out uptime?
  - From: Jeff Norman <jnorman-list-debian-firewall@fx0.net>

Prev by Date: Re: Stopping people finding out uptime?
Next by Date: Re: [long, boring rambling ;)] Advice on privacy vs advice on security. (was Re: Stopping people finding out uptime?)
Previous by thread: Re: Stopping people finding out uptime?
Next by thread: Re: [long, boring rambling ;)] Advice on privacy vs advice on security. (was Re: Stopping people finding out uptime?)
Index(es):
- Date
- Thread