Tuesday, March 29, 2005

The Perils Of P2P

Michelle Malkin warns about the perils of file sharing software (P2P): A guy who used a peer-to-peer file-sharing system inadvertently publicized a lot more on his hard drive than music files, WTOC 11 reports.

Don't believe it? Download LimeWire and type in "federal return" or "1040" and see what pops up. I did it, and within a few minutes, I had access to scores of tax returns that included names, addresses, social security numbers, and bank account numbers.

Among hundreds of tax returns I saw, here are three I downloaded (note: sensitive information has been redacted): 1, 2, 3.

It's not just tax returns. During the past nine months, Rick Wallace, editor of the See What You Share blog, has used P2P to obtain all kinds of confidential government reports, including more than 25 classified military documents.

Don Bodiker's experience is a much-needed reminder for ordinary citizens and military personnel alike who use P2P: Be careful what you share. You never know who's snooping around.


BigSurf blogged Keith rightly points out in a comment: "Ironic that when stealing something you must be careful that you too are not being stolen from."

BizzyBlog blogged Taking all sensitive files off of your hard drive is nice but IMHO impractical advice, simply because if you take it off your hard drive, you have to back it up TWICE in case one of the backup media fails. In the case of taxes, the current year return relies on info from the previous year’s return, and depending on how you do backup, this year’s program may not be able to read in last year’s info.

Two better ideas:

  • Purge ALL P2P from all of your computers (Kazaa, Limewire, Bit Torrent, etc.).
  • If you must do P2P, turn off all sharing from your computers to the outside world. Purists might say you’re being “selfish,” but I say you’re practicing self-defense.

Also, be aware that anyone who uses P2P, especially on a Windows-based machine, opens themselves up to any virus, spyware, or malware that a mischievous file-sharer might incorporate into an innocent-looking music or other file.

Dave Lucas blogged Check out Dvorak's post "Phishing Morphs into Pharming." Funny thing is, P2P software usage in the US is decreasing. According to the information from the Pew Internet and American Life Project, the usage has dropped by 10 per cent within the past year. For over two years, Canadians have enjoyed a freedom that US residents do not - the ability to download p2p media files legally...that's about to change. (Read MORE).

CLICK HERE if you'd like to learn more about Internet safety awareness. CLICK HERE to learn more about Phishing. Curious about P2P? Read "Decembrists Release Video Via Bit Torrent" and CLICK HERE for a link to read an article on Bram Cohen, the creator of BitTorrent. If you are a "TechnoBloggie" click on THIS LINK.


Peter blogged Just remember, when you see the internet, the internet sees you. If you are putting key files on your computer, make sure they are NOT in a shared folder. You never know who might be watching.

Tim blogged Take this as yet another lesson in the "internet is not a toy" category.

Banana Oil! blogged The trouble here is not P2P file sharing, it’s the damn fools who do it without a care for their own security. This Bodiker fool not only kept his personal and financial information on the same hard drive (and partition) as his shared files — unencrypted! — he didn’t even check to see where the data was being stored. That’s not a P2P problem. That’s not even a computer problem. That’s an ignorant jackass problem. Of course, when selling such a story to other ignorant jackasses, it pays to make it seem like a software or hardware problem. But it isn’t. You play with fire before learning what fire does, you’re probably going to get burned.

I disagree with Banana Oil. One would have to be very greedy to download everything they can regardless of copyright restrictions to devote an entire hard drive to it, and to encrypt all personal data is a lot of extra work.

Rob Dejournett blogged P2P isn't all that great anymore. With the record companies now getting smart and spamming P2P networks with song spoofs (files that look like popular songs but just contain white noise), and the huge amount of bogus, junk, and virus-containing files, P2P hasn't been worth it for years now. Smart people go elsewhere for their needs.

Update: See What You Share - a blog dedicated to P2P woes, drives home the point of how easy it is to get child porn from P2P. And yet these stories never make news, until an Amber Alert appears. So, let me get this straight. Download a song and you'll get fined or get a lawsuit. Download kiddie porn, or release kiddie porn, and there's no recrimination? I've been saying this for a while. The hypocrisy of RIAA and its ilk is astounding, and the public should be chastised for believing that song downloaders are the next Hitler. Clearly we need more public attention to these horrid matters.


The Unknown Professor blogged On file sharing software (like Limewire), you define a folder or folders on your hard drive as shareable. Unfortunately, the default shareable folder has the same name that a popular personal tax preparation software uses to store your tax returns. As a result, many people end up inadvertently making their tax returns (which contain their social security numbers). The morals to this story:
  1. Be careful about what's in your shared folder
  2. Think twice before you use the default option on software installations.
  3. Make sure you know what's on your computer - it's possible that another family member has installed software that you're not aware of (particularly important if you have younger children).
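
The first and third morals above can be turned into a routine check. The following is an added example, not code from this post or from any of the quoted blogs: it walks a folder that a P2P client shares and flags files whose names match the search terms quoted earlier ("1040", "federal return") or whose contents contain a pattern shaped like a Social Security number. The function names, the extra "tax" hint, the 1 MB read limit, and the sample files are all assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# Filename hints: the two search terms quoted on this page, plus "tax" (assumption).
NAME_HINTS = re.compile(r"1040|federal[ _-]?return|tax", re.IGNORECASE)
# US SSN written as ddd-dd-dddd; a content heuristic only, so expect false positives.
SSN = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
MAX_SCAN_BYTES = 1_000_000  # read at most 1 MB of each file (assumed limit)


def audit_shared_folder(root):
    """Return sorted (relative_path, reasons) for files that look sensitive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if NAME_HINTS.search(name):
                reasons.append("name")
            try:
                with open(path, "rb") as fh:
                    if SSN.search(fh.read(MAX_SCAN_BYTES)):
                        reasons.append("ssn-pattern")
            except OSError:
                reasons.append("unreadable")  # cannot verify, so report it
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def demo():
    """Build a constructed shared folder in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as shared:
        samples = {  # constructed sample files; the SSN-like values are fake
            "song.mp3": b"\x00\x01 not really audio",
            "2004 Federal Return.txt": b"Form 1040\nSSN: 123-45-6789\n",
            os.path.join("docs", "notes.txt"): b"acct holder 987-65-4321\n",
        }
        for rel, data in samples.items():
            full = os.path.join(shared, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return audit_shared_folder(shared)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {', '.join(reasons)}")
```

To audit a real machine, call `audit_shared_folder()` on each folder the P2P client is configured to share; anything it reports should be moved out of the shared tree before the client is started again.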
