February 24th, 2004, 02:55 AM
If you had a voice recorder set up in your house and a crook broke in and happened to use his cell phone while he was their it would be admissible in court....so why if someone breaks into a honey pot would that be a violation of their privacy? Maybe I'm missing something here but if they are illegally intruding on your property then I would think they gave up the right to keep what they are doing private.
[Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above
February 24th, 2004, 09:10 PM
i found this site it helped me out thought i post it here http://www.securityfocus.com/infocus/1703
February 24th, 2004, 10:48 PM
I may be wrong, but at most stores and gas stations, they need signs posted saying they are monitering via cameras ("this facility is monitered by camera"). Maybe if you place something similar on your box, readme.txt files or something, maybe even name the machine/honeypot "monitered" that would bypass some of this privacy concern... just a thought...
Originally posted here by nihil
2. They came to you, you did not go to them, or security cameras would be illegal?..............they monitor people's activity?
Just a thought
February 24th, 2004, 10:54 PM
a while back I posted a thread entitled "use a honeypot, go to prison?" It was a link to an interesting article writen by Kevin Poulsen at SecurityFocus and posted by our paranoid friends over at the Register... anyway, you can find my original thread here
or you can find the direct link to the Register story here
So far I know of no court cases against honeypots so this is still a "grey" area for legality purposes. My view is that I don't think it's illegal to run or operate a honeypot... but I could be wrong on this (let's hope not).
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
February 24th, 2004, 11:16 PM
I think that is probably to deter robbers and shoplifters.................but there are none in banks and post offices, yet the cameras are still there................also in bars...............if I saw a sign like that in a bar I would leave before the fighting started Hotels & airports have them as well?
I may be wrong, but at most stores and gas stations, they need signs posted saying they are monitering via cameras
February 26th, 2004, 10:44 AM
remember that if :
1) your machine is compromised and then
2) used to attack another machine and
3) you have *deliberatly* left your machine open
then you could probabily be sued.
\"If money could talk it would say goodbye\"
February 26th, 2004, 11:21 AM
What if you set up a machine that extensively logged all access in the same way that a honeypot would, but you didn't just set it up to be hacked. For example, I've got a linux box running with sshd and apache which I use to make work that I've done at home available to me at uni, and so my friends can download stuff off me easily. If someone came onto my computer and I decided to log all their access and monitor what they were doing, would I be invading their privacy? (bearing in mind that this computer is not set up as a honeypot)
February 26th, 2004, 11:28 AM
Technically yes if you did not inform them that they were being monitored. You know those support calls you make and you hear that lovely but monotoned voice that says "This call may be monitored for quality assurance". While the call is between you and the tech support (and any managers thereafter depending on the level of experience of the techie), the fact that the call is logged and potentially open (your expectation of privacy is gone) you have to be informed.
If someone came onto my computer and I decided to log all their access and monitor what they were doing, would I be invading their privacy? (bearing in mind that this computer is not set up as a honeypot)
While logging activities would be, IMO, a grey area I'd still put up a notice so that people know there isn't an expectation of privacy. Just as a CYA policy.
February 26th, 2004, 12:10 PM
MsMittens, I'm not doubting you. I see what you're saying and it sounds logical to me, but why then, are large website administrators, etc. not prosecuted for having log files on their computers? I mean, plenty of people must access their sites, and by default, most httpd's take a decent amount of logs.
For example, could antionline be sued just because the site doesn't have a big banner on the front of it that says that access to the site is logged? I would really doubt that there is no logging for a site like this.
Again, this comment isn't meant to be a flame or anything...I agree with you, but the fact is that I don't know enough about this, so I've got to assume that other do and ask questions.
 I see there is a link to a security policy at the bottom of the main page which explains in great detail how information is used. Is that for this site, or for some of the advertisements at the bottom of the page? [/edit]
February 26th, 2004, 01:40 PM
I see there is a link to a security policy at the bottom of the main page which explains in great detail how information is used. Is that for this site, or for some of the advertisements at the bottom of the page?
What information are you collecting and how are you collecting it?
Every computer connected to the Internet is given a domain name and a set of numbers, that serve as that computer's "Internet Protocol" IP address. When a visitor requests a page from any Web site within the JUPM Network, our Web servers automatically recognize that visitor's domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We use this information to examine our traffic in aggregate, and to investigate misuse of the JUPM Network, its users, or to cooperate with law enforcement. See also Will you disclose the information you collect to outside third parties? We do not collect and evaluate this information for specific individuals. Our Web servers do not automatically record e-mail addresses of the visitors.