Printable View
If you had a voice recorder set up in your house and a crook broke in and happened to use his cell phone while he was their it would be admissible in court....so why if someone breaks into a honey pot would that be a violation of their privacy? Maybe I'm missing something here but if they are illegally intruding on your property then I would think they gave up the right to keep what they are doing private.
i found this site it helped me out thought i post it here http://www.securityfocus.com/infocus/1703
I may be wrong, but at most stores and gas stations, they need signs posted saying they are monitering via cameras ("this facility is monitered by camera"). Maybe if you place something similar on your box, readme.txt files or something, maybe even name the machine/honeypot "monitered" that would bypass some of this privacy concern... just a thought...Quote:
Originally posted here by nihil
2. They came to you, you did not go to them, or security cameras would be illegal?..............they monitor people's activity?
Just a thought
a while back I posted a thread entitled "use a honeypot, go to prison?" It was a link to an interesting article writen by Kevin Poulsen at SecurityFocus and posted by our paranoid friends over at the Register... anyway, you can find my original thread here
or you can find the direct link to the Register story here
So far I know of no court cases against honeypots so this is still a "grey" area for legality purposes. My view is that I don't think it's illegal to run or operate a honeypot... but I could be wrong on this (let's hope not).
I think that is probably to deter robbers and shoplifters.................but there are none in banks and post offices, yet the cameras are still there................also in bars...............if I saw a sign like that in a bar I would leave before the fighting started :) Hotels & airports have them as well?Quote:
I may be wrong, but at most stores and gas stations, they need signs posted saying they are monitering via cameras
Cheers
remember that if :
1) your machine is compromised and then
2) used to attack another machine and
3) you have *deliberatly* left your machine open
then you could probabily be sued.
What if you set up a machine that extensively logged all access in the same way that a honeypot would, but you didn't just set it up to be hacked. For example, I've got a linux box running with sshd and apache which I use to make work that I've done at home available to me at uni, and so my friends can download stuff off me easily. If someone came onto my computer and I decided to log all their access and monitor what they were doing, would I be invading their privacy? (bearing in mind that this computer is not set up as a honeypot)
ac
Technically yes if you did not inform them that they were being monitored. You know those support calls you make and you hear that lovely but monotoned voice that says "This call may be monitored for quality assurance". While the call is between you and the tech support (and any managers thereafter depending on the level of experience of the techie), the fact that the call is logged and potentially open (your expectation of privacy is gone) you have to be informed.Quote:
If someone came onto my computer and I decided to log all their access and monitor what they were doing, would I be invading their privacy? (bearing in mind that this computer is not set up as a honeypot)
While logging activities would be, IMO, a grey area I'd still put up a notice so that people know there isn't an expectation of privacy. Just as a CYA policy. :D
MsMittens, I'm not doubting you. I see what you're saying and it sounds logical to me, but why then, are large website administrators, etc. not prosecuted for having log files on their computers? I mean, plenty of people must access their sites, and by default, most httpd's take a decent amount of logs.
For example, could antionline be sued just because the site doesn't have a big banner on the front of it that says that access to the site is logged? I would really doubt that there is no logging for a site like this.
Again, this comment isn't meant to be a flame or anything...I agree with you, but the fact is that I don't know enough about this, so I've got to assume that other do and ask questions.
Thanks,
ac
[edit] I see there is a link to a security policy at the bottom of the main page which explains in great detail how information is used. Is that for this site, or for some of the advertisements at the bottom of the page? [/edit]
You mean the Privacy Policy? That's for AO and some of the advertising on the site. As long as you have it written somewhere that you are collecting information and how you intend to use it (to indicate the level of expected privacy then you are covered).Quote:
I see there is a link to a security policy at the bottom of the main page which explains in great detail how information is used. Is that for this site, or for some of the advertisements at the bottom of the page?
As you can see, JUPM does collect information about users via logging. In effect, the Privacy Policy found at most Websites is the CYA policy. I believe that should answer your initial question as to why webmasters at large websites aren't prosecuted for keeping logs. While most people don't read the Privacy Policy at websites (and really you should to see what information is open, what is being monitored regularly and what they do with your information), it is the Privacy Policies that usually indicate how information (logging and data mining) is being ued and what level of privacy expectation someone should have for a particular site.Quote:
What information are you collecting and how are you collecting it?
Every computer connected to the Internet is given a domain name and a set of numbers, that serve as that computer's "Internet Protocol" IP address. When a visitor requests a page from any Web site within the JUPM Network, our Web servers automatically recognize that visitor's domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We use this information to examine our traffic in aggregate, and to investigate misuse of the JUPM Network, its users, or to cooperate with law enforcement. See also Will you disclose the information you collect to outside third parties? We do not collect and evaluate this information for specific individuals. Our Web servers do not automatically record e-mail addresses of the visitors.