Wednesday, July 25th, 2007 (No comments yet)

Almost six years after 9/11, it is inexcusable that — in an environment where TSA misses more than 90% of weapons, RON [aircraft left unattended and unlocked at night] aircraft are not secured, and ground employees are not screened — fewer than 2% of our airliners have a team of armed pilots aboard, fewer than 5% have air marshals, and the flight attendants have no mandatory tactical or behavioral assessment training. $24 billion dollars later, we are not materially safer, except in the areas of intelligence that prevent an attack from getting to an airport. Once at the airport, there is little reason to believe the attack won’t succeed.

Well said. Be sure to read the full thing, which has a stinging review of the TSA's failed efforts to make airlines more secure. Keep in mind that this guy is the president of the Airline Pilots Security Alliance and he knows what he's talking about.
Tags: George Bush, Security Theater
Wednesday, July 25th, 2007 (No comments yet)
Some supermarkets now have fingerprint readers in lieu of credit card payments. You have to supply your fingerprint and attach your credit card to it, but then you can pay just by touching your finger to the reader.
There are many problems with this:
1) In theory, they’re promising only to take the “data points”, not the fingerprint, but if they use the same data points as other companies, then the data points are the same as your fingerprint. If every company uses different data points, then as data from each breach is combined, it creates a better and better picture of your actual fingerprint.
2) Unlike a credit card that can be re-issued or changed, fingerprints can’t.
3) You don’t leave impressions of your credit card everywhere you touch like you do with your finger. Fingerprints can be used for tracking and accountability that you shouldn’t have to be responsible for unless you’re a criminal.
4) There was nothing wrong with the system that was there before. Swiping a credit card is actually easier and faster than putting your finger on a reader and entering a PIN.
5) The more people that use the system, the more problems they will have with false matches (where your finger and someone else’s are too close to distinguish). Granted, the PIN solves this problem to a degree, but these companies will have to add more and more data points to the algorithm to make the system work. The more data points they use, the closer they come to storing your actual fingerprint.
This is bad, bad news. I wonder when the first “fingerprint data breach” will happen.
Tags: Utter Failure
Wednesday, July 25th, 2007 (No comments yet)
For those who were wondering, there were almost 30,000 sex offenders on MySpace who were computer literate enough to use the service, but dumb enough to use their real names. How many are still there using fake names, I wonder.
Tags: Consequences, Families, If You Only Knew, Kids, Police
Wednesday, July 25th, 2007 (No comments yet)
A virtual credit card is a short-term working credit card that has restrictions such as payout amounts, time of use, or merchants who are allowed to debit it. Using these, if the company you're buying from sells your card number to data brokers, it won't matter, because the number they have is worthless after the set period of time, number of transactions, etc.
Tags: Identity Theft
Tuesday, July 24th, 2007 (No comments yet)
Here's a warning to you all: companies hide tracking information in your media, and if you don't know about it and do something about it, you may get some pretty nasty results. Now, in this case, it's a good thing because there's no justification for leaking Harry Potter BEFORE its public release. That just hurts the writer and others involved.
But if this weren't immoral activity but protected free speech, be warned that you could get nailed in very subtle and sophisticated ways if you don't pay attention to product tracking.
For example: tracking dots in printers.
Tags: Consequences, If You Only Knew
Tuesday, July 24th, 2007 (No comments yet)
Ever send an e-mail and then have second thoughts? What about wanting to make sure that the e-mail you send doesn’t get shared beyond your original recipient? Using the same technique that spammers do to bypass filters and verify e-mail accounts, BitString uses images for the content of messages.
Since the reader has to load the image (which is stored on the BitString server) to view the message, if the sender wants to take it back, all they have to do is ask BitString to delete the image. As long as the image is destroyed before the receiver opens the e-mail, they can be assured that it’s never been read.
Also, since BitString can track how many accesses are made for the image and what IP is requesting it, you can lock it to one individual by specifying that after the first read of the image, it will be deleted. That will prevent forwarding of the message to your recipient’s friends.
That’s pretty cool.
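
The recall and read-once behaviour described above, modelled as an added example (this is not BitString's code; the class, method names and sample data are hypothetical). It also shows the limits of the scheme: a recall after the first fetch cannot unread the message, and whichever client fetches a read-once image first uses it up.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class HostedMessage:
    image: "bytes | None"              # message body rendered as an image
    read_once: bool = False            # delete after the first successful fetch
    accesses: list = field(default_factory=list)   # (ip, served) per request

class ImageMailStore:
    """Hypothetical server side of an image-hosted e-mail service."""
    def __init__(self):
        self._messages = {}

    def send(self, image, read_once=False):
        token = secrets.token_urlsafe(16)   # unguessable part of the <img> URL
        self._messages[token] = HostedMessage(image, read_once)
        return token

    def revoke(self, token):
        """Sender recalls the message; True only if it was never served."""
        msg = self._messages[token]
        msg.image = None                    # drop content, keep the access log
        return not any(served for _, served in msg.accesses)

    def fetch(self, token, ip):
        """A client loads the image; returns bytes, or None (a 404)."""
        msg = self._messages.get(token)
        if msg is None:
            return None
        image = msg.image
        msg.accesses.append((ip, image is not None))
        if image is not None and msg.read_once:
            msg.image = None                # first read consumes the message
        return image

    def access_log(self, token):
        return list(self._messages[token].accesses)

def demo():
    store = ImageMailStore()   # constructed scenario; IPs are RFC 5737 examples
    recalled = store.send(b"image: draft offer")
    was_unread = store.revoke(recalled)             # recalled before opening
    after_recall = store.fetch(recalled, "198.51.100.7")
    once = store.send(b"image: one-time note", read_once=True)
    first = store.fetch(once, "198.51.100.7")       # intended recipient
    forwarded = store.fetch(once, "203.0.113.50")   # friend opens the forward
    late = store.revoke(once)                       # too late: already served
    return was_unread, after_recall, first, forwarded, late, store.access_log(once)
```
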
Tuesday, July 24th, 2007 (No comments yet)
Verichip is the first major company to try to make a market out of implanting people with a hard-to-remove tracking device. They tout it as a "security" device in that it can be used for proximity detection in sensitive areas and can be used to link to medical information in an emergency where the patient can't speak for themselves (for a yearly fee of course).
Considering that the chips actually weaken security, are hard to remove, and basically destroy all privacy you might have had, I find it hard to understand why people would consider this.
Anyway, there's a good summary of the Verichip company here.
Tags: RFID
Monday, July 23rd, 2007 (No comments yet)
A common story. With a common worthless response:

SAIC spokespeople said that several employees were placed on leave after the incident was disclosed, and that it contracted data security company Kroll Inc. to provide free identity theft protection for all affected individuals for one year.

Aww. How nice. Now it looks like they're doing something.
Tags: Identity Theft
Monday, July 23rd, 2007 (3 comments)
While I usually throw out anything Comcast sends with the bill, this time I noticed an arbitration notice that says that you only have a little bit of time to opt out before you become bound to an arbitration agreement. What does that mean?
It means that you're giving up your right to sue them for incompetence (which is a pretty big deal considering how incompetent they can be).
If you continue to use Comcast service without opting out, you will automatically be bound by the new arbitration agreement. Fortunately, you can opt out very quickly by going to their website:
https://www.comcast.com/arbitrationoptout/default.ashx
Note that you must type your account number EXACTLY as shown on your bill (spaces and dashes included) or it will error with barely any indication of what went wrong (no error message).
This kind of agreement is completely one-sided and circumvents the courts and our rights. Fortunately, Public Citizen is working on a bill to remove mandatory binding arbitration for good.
Tags: Families, Police, Your Rights
Friday, July 20th, 2007 (No comments yet)