September 02, 2009
Is The White House Already Tracking Twitter Comments?
Beth has a disturbing experience.
The blog princess knows next to nothing about SSL. And she does not Tweet, nor does she harbor a heretofore unexpressed desire to Tweet. All the same, Beth's experience is interesting in light of the earlier story about the White House tracking social networking sites.
Does anyone know anything about SSL that might shed some light on this?
Posted by Cassandra at September 2, 2009 01:46 PM
TrackBack URL for this entry:
Supposedly, the WH is using a private company which has the capabilities of tracking your usage of the web. That is, if you contact the WH site, this company will now have the capability to track where you have have been. An easy google search will give you the name of the company, and it will also show you how to block any such intrusions.
I'm not really much of a conspiracy type guy, but for the first time in my life, we have an administration that really worries me when it comes to such things as the above.
Posted by: RIslander at September 2, 2009 02:20 PM
What Rislander said... or... It could be a Man in the Middle aka MITM gambit. Looks like Beth did her due diligence by heeding the WTF?! aka What the Functionality?! bit, inspecting the cert, and then setting the Disinclined to Acquiesce bit.
Posted by: bthun at September 2, 2009 02:39 PM
Not being a twit myself, I'm unfamiliar with the protocol...but it doesn't surprise me.
Posted by: camojack at September 3, 2009 01:18 AM
It's been almost 10 years since I worked in IT and I'm not above being corrected if my recollection is faulty... That said, from what I recall, SSL (secure socket layer) is used to create a secure link to the https port of a web server over tcp/ip.
Buying stuff online, using your credit-card or paypal, is an example of when SSL and certificates come into play. When you see the little padlock icon "locked" on the periphery of your browser, you are 'connected to' the secure port on the web server, in encrypted mode.
The signed certificate, operates like a pass key or maybe an ID card. If it is authorized-validated by a "trusted third party source", the connection is completed. If it is not authorized by one of the 'trusted third party' entities, you should be prompted to accept the cert or not. If you choose to accept a cert of dubious origin, the connection is completed. If not, it is dropped.
Now, I have no knowledge of, or experience with, the 'social networking' sites like twitter, facebook, etc. that are all the rage these days. My knowledge of and familiarity with web stuff perished so fast that I didn't even know what a blog was until I started reading the milblogs a couple of years ago and decided to buy a couple of tech manuals on the subject.
Anywho, I'm certain that there are lots of docs on the web that can do a much better job of explaining it, but that's thumbnail sketch as well as I can recall.
Posted by: bthun at September 3, 2009 11:20 AM
I don't "tweet," but I can tell you this: Earlier this year, before the spendulus was passed, I emailed all of my congresscritters to oppose it. Not two days later, I received email from Barack Obama. Several days after that, I started receiving occasional emails from Michelle Obama. After I, like many others, "turned myself in" to the fishy misinformation website, I started receiving emails from David Axelrod. Not once did I ever email any of these individuals directly, nor agree to receive email from them. They could only have gotten my information without my permission, and started spamming me with it.
Posted by: April at September 4, 2009 04:48 PM