An article titled, Tim Hortons apologizes for blocking gay and lesbian news website by The Canadian Press on Friday, July 19, 2013 caught my attention. Tim Hortons is a popular Canadian coffee shop chain.
The online site of a popular paper that caters to the gay community was blocked by the coffee shop chain as “not appropriate for all ages viewing in a public environment.”. Once the outrage got going, Tim Hortons relented and changed its WiFi network policy.
What has all this got to do with Investigative Internet Research (IIR), you ask? Well, think about it. We often work while on the road and that means doing some aspects of IIR in places like coffee shops.
When you do IIR outside your normal work environment, different rules apply. How do you know what the WiFi network allows and what it doesn’t? How do you know if some things are censored and others are not? How do you know that your results are complete?
Now do you understand the dangers that doing this presents? I haven’t even mentioned the security issues.
File erasure is something every Investigator needs to consider. Investigators collect a lot of data that never makes into a report. Sometimes that data is irrelvant or something that cannot be reported. That stuff should not be left hanging around to be recovered later and then missused. Some form of file erasure software should be used to make it unrecoverable.
Some examples of file erasure software:
I always use the subject’s known email addresses as search terms. I assume that any good Investigator would do the same. However, where you search matters.
Have you ever searched an email address and found that it was compromised? Groups like Anonymous and Lulzsec sometimes post lists of compromised email addresses along with the associated passwords. Do you know where to search for this and how to report it?
“I didn’t post that! My account was hacked!” is a common ‘Weinergate’ inspired excuse. If the Investigator doesn’t make a reasonable effort to search for the possibility of a compromised account, then he may be judged incompetent or negligent.
Without the co-operation of the subject, the Investigator must start an organised search for indications that the email account has been compromised.
Always search for the name of the email service provider and the words ‘hacked’ and ‘compromised’ along with ‘accounts’ and ‘email’. If you find something, then compare the date of the security breach to the time of your own Weintergate.
Next, search shouldichangemypassword.com, pwnedlist.com, and hacknotifier.com. The first two only tell you if the account might be compromised, while the last one sometimes links the searcher to online information about the security breach.
Of course the Investigator should document the search and explain the sources that were searched.
The Boston Marathon incident is somewhat instructive from an Investigative Internet Research (IIR) perspective.
News reporters are skilled at IIR — some to the exclusion of real journalistic skills if the preponderance of churnalism in the popular media is any measure. However, one instance of a reporter finding the terrorist’s Amazon Wish List is interesting. The reporter was drawing conclusions about the terrorist from the contents of the wish list.
The default Amazon Wish List setting is ‘Public’. The other settings are ‘Shared’ and ‘Private’ which seems to defeat the purpose. The default setting is the most common.
Google isn’t a search engine — it’s an advertising engine. Google makes its money from advertising. You may have noticed that the advertisments that appear on your Google search results page is related to what you are searching.
Some of this advertising results from cookies placed on your computer. If you use Gmail, it is even more intrusive as each email is read, and you get ads associated with the content of your email. This is a good business strategy for Google but intrudes upon the user’s privacy. You should shut-off the collection of web history in your Google account. To do this sign into your Google account and then go to http://google.com/history. Once there, click on Remove all Web History and then click on Pause to stop further collection of your web history. There is also a way to rid yourself of the intrusive monitoring of you normal web searching.
Google uses DoubleClick to monitor your web browsing. To eliminate this monitoring go to http://google.com/ads/preferences/plugin and download this small file for each browser that you use. The instalation prceedure will vary with each browser. This file won’t disappear when you use a file wiping program to clearout all the trash web browsing accumulates.
Most people give up a frightening amount of information in a very short period of time during their social interactions, both on social media and in person. Marital status, children, hometowns, schools, and more are the nuggets of information given out which can end-up in the wrong hands.
Safe topics for making conversation with strangers is not your job, but rather a “safe” hobby, like woodworking, sports, or local history. It’s good to avoid politics and religion.
Most privacy conscious Investigators create a throwaway profile. They learn about something that is not related to their identifying features – cooking, gardening, fishing, etc. – and know enough to pass as a amateur enthusiast. This becomes the first-contact profile used to evaluate a stranger.
The Citizen’s Arrest and Self-defence Act comes into full force on March 11, 2013. The act may be found at http://laws-lois.justice.gc.ca/eng/AnnualStatutes/2012_9/FullText.html and some background on the act may be found at http://www.justice.gc.ca/eng/news-nouv/nr-cp/2012/doc_32762.html.
The Canada Gazette entry regarding the act coming into effect may be found at http://gazette.gc.ca/rp-pr/p2/2013/2013-02-13/html/si-tr5-eng.html.
I have written about the site: command in Google before.
The site: command in Google is an invaluable tool for doing Investigative Internet Research (IIR), especially in combination with other advanced operators.
Google site: Tool
Google site: Tool only works Firefox 14 or later on Windows 7.
It allows you to add site: or -site: to modify your Google search results. To limit your query to a particular site in the results, or to re-run the query excluding that site from the results, click the green URL below the result header. This works best on Google.com rather than the country-specific versions of Google. It also works on the encrypted version of Google.com.
This addon requires Greasemonkey.