re-import orkut diary

Signed-off-by: Nico Schottelius <nico@bento.schottelius.org>

docs/orkut-diary.mdwn

@@ -0,0 +1,296 @@
+[[!meta title="Orkut - dangerous Big Brother database or fun place?"]]
+[[!meta date="2004-08-25"]]
+[[!toc]]
+
+This is my personal diary about using Orkut (www.orkut.com).
+
+## 27-Feb-2004
+   I got invited to orkut.
+
+## 29-Feb-2004
+   Getting first impressions. What is this "orkut"?
+   Looks like a secure thing: Only people who are invited may
+   join. So you most likely know that those are really the people
+   you know and not fake ones.
+
+   Well, you can even trust the communication, as 'dangerous people'
+   keep outside, can't you?
+
+   But why are they using HTTP and not HTTPS? Just keep that in mind..
+
+   Ok, lets register. What's that? In affilation with google?
+   Does that mean one can google through orkut?
+   Or does that mean google will sell their database to others?
+
+   Wow what the hell do they want to know? And why should it be senseful
+   to tell them all of my mail adresses? Don't I remember getting
+   spam on all adresses I use on the web? Let's create a Pseudo
+   Email, only used for Orkut, so we can track back the spam.
+
+   After only telling the needed information I see that the one who invited
+   me is my friend. And that he's got other friends. And they have
+   friends again. Wow. What a fucking big network.
+
+   Let's go to bed, continue tomorrow.
+
+## 01-Mar-2004
+   Currently I am browsing through the friends network. Seeing
+   what information I get, so I can conclude on what I will present
+   to others, when participating in orkut.
+   
+   There is the nice thing "communities", so I can see what the
+   persons interests are. Currently orkut looks like a big database of
+   many friends linked together. Perhaps I can profit from it?
+
+   Wow, there are many interesting communities. Everything I like is around me.
+   Logical, as my friends like same things I do.
+
+   Wait..as I am always logged in while viewing, they'll have a full
+   view for what is interesting for me.
+
+   They (=the ones who brougth up orkut) know who invited me. They know
+   his/her interests. Think about this in a chain.
+
+   So they can see who (with what attributes) is interested in which
+   communities and what you do.
+
+   Do you surf on in the "Bi & Lesbian"-section or are you enjoying
+   the "Internet" community?
+
+   Every klick is one point more for data collection. Every move
+   you make is recorded.
+
+   That sounds for me like "1984". What a horrible vision (or reality?).
+
+   Oh, let's have a look at whois, who owns orkut:
+
+    Domain Name: ORKUT.COM
+    Registrar: NETWORK SOLUTIONS, INC.
+    Whois Server: whois.networksolutions.com
+    Referral URL: http://www.networksolutions.com
+    Name Server: NS11.WORLDNIC.COM
+    Name Server: NS12.WORLDNIC.COM
+    Status: ACTIVE
+    Updated Date: 11-nov-2003
+    Creation Date: 08-dec-2002
+    Expiration Date: 08-dec-2006
+    
+    BUYUKKOKTEN, ORKUT (UHGFNCTSOD)
+    2400 W El Camino Real, Apt 419
+    MOUNTAIN VIEW, CA 94040-1680
+    US
+    
+    Domain Name: ORKUT.COM
+    
+    Administrative Contact:
+       BUYUKKOKTEN, ORKUT  (OBD36)               orkut@cs.stanford.edu
+       2400 W El Camino Real, Apt 419
+       MOUNTAIN VIEW, CA 94040-1680
+       US
+       650 888 5822 fax: 123 123 1234
+    
+    Technical Contact:
+       Network Solutions, Inc.  (HOST-ORG)               customerservice@networksolutions.
+    
+       13200 Woodland Park Drive
+       Herndon, VA 20171-3025
+       US
+       1-888-642-9675 fax: 571-434-4620
+    
+    Record expires on 08-Dec-2006.
+    Record created on 08-Dec-2002.
+    Database last updated on 1-Mar-2004 10:57:20 EST.
+    
+    Domain servers in listed order:
+    
+    NS11.WORLDNIC.COM            216.168.225.141
+    NS12.WORLDNIC.COM            216.168.225.142
+    
+
+   Well, this company does not tell me anything at all...
+   If you know something about them, please tell me.
+
+
+## 02-Mar-2004
+   After some researching I know that Orkut is being developed by someone
+   working at Google, BUYUKKOKTEN, ORKUT. (As seen in the whois,
+   but before I didn't know whether this is a person or a company.
+
+   While phoning with some people yesterday I developed some questions and structures:
+      
+      - orkut know who invited which persons 
+      - they know which communities somebody is interested in
+      - they see in whom or what you are interested, because
+        every visit is tracked with a username.
+      - if you enter wrong data (e.g. wrong surname) people will/may check
+        the "Bogus"-Button to tell that you are faking somebody
+      - the information provided in orkut are 
+
+
+## 22-Mar-2004
+   I didn't use my orkut account since 02-Mar-2004 and will now write an
+   email to 'them', requesting to delete my account.
+
+   Some people argument "But my data can also be found through google, why
+   should I not tell them Orkut?"
+
+   My answer: With google you cannot track what people do, what they like
+   and this together with country information, your hobbies, etc.
+
+   In my opinion Orkut is a BigBrother version in the web and I don't like
+   to participate and show 'them' every step I make.
+
+## 24-Mar-2004
+   Just got again the statement
+
+      "You should stop using IRC, delete all your mail accounts and stop surfing.",
+
+   after I said
+
+      "I wrote a message to orkut, that I would like to have them remove my account.
+      Look at http://nico.schotteli.us/papers/net/orkut-diary, why.".
+   
+
+   I'll try to explain the difference for you:
+
+      IRC: 
+         - it's easy to track "my" behaviour in IRC
+         - you cannot verify the identity of me very good
+         - when trying to track you, 'they' must normally join every channel
+           you are in (*see mark:1*)
+         - Queries cannot get tracked (*see mark:1*)
+   
+      Mail:
+         - mails are sent to different people on different hosts
+         - to read all my incoming mail, you got to have access to the mail
+           server hosting my email
+         - to read my outgoing mail, you need
+            a) to be my ISP and get all data while sending out (*see mark:1*)
+            b) to control _all_ mail servers of people I write to
+
+         - mails can easily be encrypted with PGP/GPG (http://www.gnupg.org)
+
+      WWW:
+         - normally if you visit two different websites
+           (e.g. www.google.com and www.astalavista.com), they don't know
+           from each other
+         - if you visit one website _from_ another site, the second one
+           knows where you come from (if not explicit disabled in your browser)
+           
+           E.g.:
+
+           http://linux.schottelius.org/gpm/ links to
+           http://lists.linux.it/pipermail/gpm/.
+
+           When you click on the link at http://linux.schottelius.org/gpm/, 
+           the host lists.linux.it registers that you come from
+           http://linux.schottelius.org/gpm/.
+
+           As said above, this can easily disabled in (good) browsers.
+         
+         - if you visit many links within one page
+           (e.g. looking at http://www.userfriendly.org cartoon archive),
+           it may be possible to track you, while you are keeping the same ip
+         
+         - if sites set and read cookies, they may assign you a unique id.
+           E.g.:
+           You visit www.microsoft.com. This sites sets the cookie
+           "customer_nr=3434oeuntoheu45ouonethaonehp".
+           After that you visit www.sco.com (not from a link from microsoft).
+
+           Your browser allows www.sco.com to readout the cookie
+           "customer_nr" and can exchange access logs with Microsoft
+           (this should generally not be possible todo cross-site-reading,
+           but can easily be done with a 'middle'-host like an adserver).
+
+           Most browser allow disabling cookies or at least to show a popup
+           box, asking you whether to use it or not.
+
+
+      mark 1:
+         Actually IRC, SMTP or HTTP are plain text protocols.
+         Every person sitting at a router at your ISP can see what you are
+         doing and the contents of every package you send and recieve.
+         
+         You should consider use SILC, TLS/SMTP, HTTPS or PGP encrypted mails
+         instead for better security.
+
+      Orkut:
+         - you have to login before you can visit anything
+         - every click (changing profile, reading other profiles, joining and
+           leaving communities, ..., just everything) is logged
+         - everything you do can easily added to statistics
+         - 'they' can do track user behaviours, user paths
+         
+         An example of path-tracking:
+         1. I (person_b) get invited by person_a
+         2. person_a is in community_a und community_b
+         3. I join community_a, too.
+         --> Now 'they' may know from which scene/interest area we come.
+         4. I click through the friends path of person_a and see that
+            there are some friends I know, too.
+         5. I click on a friend of person_a, whose name is person_h and
+            ask him to be 'my friend'.
+         6. There can be some reasons why I want to be his friend, the 
+            most obvious one is because I know person_a and person_h.
+         7. Now 'they' about some relationship...
+         
+         This information could be selled or transfered to the FBI for
+         instance...
+
+## 30-Mar-2004
+
+   Today I recieved information about what companies pay for filtered
+   user information, it's between $1 per address upto $10 per (snail-mail-)address.
+
+## 08-Apr-2004
+   
+   Just want to re-read their terms of Service. (http://www.orkut.com/terms.html)
+   Here are some interesting parts:
+
+   'We also reserve the right to modify these Terms of Service from time to time without notice.'
+   
+    --> nice, I don't hear or see anything, but will agree and use new
+        Terms of Service.
+
+   'In addition, you must provide true, accurate and complete registration information to be an orkut.com member ("Member").'
+
+   --> complete..very nice..if I would really complete fill out the form, they
+       would know everything about me.
+
+   'Other examples of illegal or unauthorized uses include, but are not limited to:'
+
+   ...'using any robot, spider, site search/retrieval application, or other device to retrieve or index any portion or the orkut.com service;'
+
+   --> well, 'they' may do it, we not...
+
+   'By submitting, posting or displaying any Materials on or through the orkut.com service, you automatically grant to us a worldwide, non-exclusive, sublicenseable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, publicly perform and display such Materials. '
+
+
+   Sure, there are more, these are just examples.
+   There are more intersting things in 'http://www.orkut.com/privacy.html'.
+   
+   Looks like this story will end soon...
+
+## 17-May-2004
+
+   Looks like I got to reinvest time in my "Orkut-Diary".
+   It seems people sometimes don't see how they are confronted
+   with Orkut, although they are NOT part of it.
+
+   Did you ever think about what happened if you recieve an invitation
+   message? No?
+
+   Well, someone (perhaps a "friend") of you thought it would be nice to invite
+   you to Orkut. He/She entered your 
+      - First name
+      - Last name
+      - your Email
+      - and the level of which he/she knows you
+        (haven't met, acquaintance, friend, good friend, best friend)
+
+   Perhaps you decline the invitation Email, but what happens with this
+   data is unknown to you, to her/him. Perhaps the data will get sold
+   to other companies, perhaps Google uses it for their internal
+   statistics, perhaps they won't even have a look at them..
+   We don't know.