157
A disturbing comment on my blog…

A disturbing comment on my blog…. Who is [email protected]?

  • View
    220

  • Download
    3

Embed Size (px)

Citation preview

Page 1: A disturbing comment on my blog…. Who is sux@boston.com?

A disturbing comment on my blog…

Page 2: A disturbing comment on my blog…. Who is sux@boston.com?

Who is [email protected]?

Page 3: A disturbing comment on my blog…. Who is sux@boston.com?

[email protected] posted from this IP!

IP: 128.100.171.22

Page 4: A disturbing comment on my blog…. Who is sux@boston.com?

So what’s an IP?

An address. Every computer connected to the Internet has one, or shares one.

Four numbers - each 0-255, separated by periods: 128.100.171.22

Try typing “66.233.167.99” into a web browser. You get…

Page 5: A disturbing comment on my blog…. Who is sux@boston.com?

66.233.167.99 is the IP address of one of the thousands of computers that run Google’s website. Easier to remember “google.com”, huh?

Page 6: A disturbing comment on my blog…. Who is sux@boston.com?

Every computer on the Internet has an IP address or shares one.

Everything transmitted on the Internet - an email, a webpage, a picture, a sound file - is made up of one or more “packets” of data.

These packets have a header, a payload and, sometimes, a footer. The header includes the IP address of the computer sending a packet, and the IP address of the computer receiving it.

Page 7: A disturbing comment on my blog…. Who is sux@boston.com?

When you type 66.233.167.99 into your browser, you send a set of packets to a Google computer, asking it to send some packets back to your IP address. Your browser assembles those packets into the Google homepage.

Page 8: A disturbing comment on my blog…. Who is sux@boston.com?

So what’s my IP address?

Page 9: A disturbing comment on my blog…. Who is sux@boston.com?

151.203.155.73. Or was that 192.168.0.103?

Page 10: A disturbing comment on my blog…. Who is sux@boston.com?

Network Address Translation lets 254 computers share one IP address!

Page 11: A disturbing comment on my blog…. Who is sux@boston.com?

Who is 128.100.171.22?No - whois 128.100.171.22!

Page 12: A disturbing comment on my blog…. Who is sux@boston.com?

One of 65,536 IP addresses at U Toronto…

Page 13: A disturbing comment on my blog…. Who is sux@boston.com?

“Dear Russ, which of your users thinks Boston sucks?”

Page 14: A disturbing comment on my blog…. Who is sux@boston.com?

nslookup at kloth.net

Page 15: A disturbing comment on my blog…. Who is sux@boston.com?

haxor.citizenlab.com!

Page 16: A disturbing comment on my blog…. Who is sux@boston.com?

whois contacts the authority responsible for assigning IP addresses and asks who has been assigned the IP address you’re curious about.

nslookup uses the domain name system - the system that associates the names of computers connected to the Internet to IP addresses - to tell you what domain names are associated with an IP address.

Page 17: A disturbing comment on my blog…. Who is sux@boston.com?

Aha!

Nart works for Citizen Lab!

Page 18: A disturbing comment on my blog…. Who is sux@boston.com?

Allowing me to craft an appropriate response…

Page 19: A disturbing comment on my blog…. Who is sux@boston.com?

Other possible outcomes:- IP address was from a shared or publicly accessible computer. Result: no way to know who made the post without a record of users.- IP address was from an ISP via dialup, DSL or cable modem. Result: ISP may have records of which user had the IP, but won’t release except under subpoena.- IP address was a proxy or anonymizer, designed to hide the poster’s identity. Result: Proxy operator may - or may not - have records of the real IP.

Page 20: A disturbing comment on my blog…. Who is sux@boston.com?

IP address is a lousy identifier.

What happens if Google says “Hello, Ethan - here’s your new gmail” when it sees a request from 151.203.155.73?

Anyone in my house can read my mail. And when my ISP gives me a new IP, someone else is very confused to be greeted as Ethan.

Unfortunately, IPs get treated like unique identifiers often… because we don’t have other options.

Page 21: A disturbing comment on my blog…. Who is sux@boston.com?

I can’t get information from an ISP aboutwho has a particular IP…

But governments can.

Security online is about protecting and obscuring your IP address.

If you don’t protect your identity, prepare to have your computers seized…

Page 22: A disturbing comment on my blog…. Who is sux@boston.com?

Deleting & Wiping files

• When files are deleted the name is removed from the disk and the space is marked as available for new data

• As long as no data is written to that space the original file can be recovered

Page 23: A disturbing comment on my blog…. Who is sux@boston.com?

• A little experiment– A file called secretfiles.doc was created in “My

Documents”– It was “deleted” and sent to the Recycle bin– The Recycle bin was emptied

Page 24: A disturbing comment on my blog…. Who is sux@boston.com?

Undelete

Page 25: A disturbing comment on my blog…. Who is sux@boston.com?
Page 26: A disturbing comment on my blog…. Who is sux@boston.com?

Wiping

• Wiping utilities overwrite data with garbage

• The greater the number of overwrite passes it makes the more difficult it is to recover the data

Page 27: A disturbing comment on my blog…. Who is sux@boston.com?
Page 28: A disturbing comment on my blog…. Who is sux@boston.com?
Page 29: A disturbing comment on my blog…. Who is sux@boston.com?
Page 30: A disturbing comment on my blog…. Who is sux@boston.com?

Dpeft boe djqifst:

voefstuboejoh fodszqujpo

Page 31: A disturbing comment on my blog…. Who is sux@boston.com?

Dpeft boe djqifst:

voefstuboejoh fodszqujpoCodes and ciphers:

understanding encryption

Page 32: A disturbing comment on my blog…. Who is sux@boston.com?

Dpeft boe djqifst:

Codes and ciphers:Add to each letter: 1

“Add to each letter” - algorithm“1” - secret key

A very weak form of encryption…

Page 33: A disturbing comment on my blog…. Who is sux@boston.com?

A better cipher+ -+-+-+ -+-+-+1 234512 345123B zhpydt zmkicu

Realworld ciphers use complex, multipart algorithms and LONG keys. Algorithms are public - keys are secret.

Page 34: A disturbing comment on my blog…. Who is sux@boston.com?

An encrypted file…

Page 35: A disturbing comment on my blog…. Who is sux@boston.com?

Encrypted Storage

• A lot of utilities, a nice one for Windows is BestCrypt (http://www.jetico.com/)

• It creates an additional drive letter that you need to enter a password to access

Page 36: A disturbing comment on my blog…. Who is sux@boston.com?

Encrypted Storage

Page 37: A disturbing comment on my blog…. Who is sux@boston.com?

Encrypted Storage

Page 38: A disturbing comment on my blog…. Who is sux@boston.com?

Encrypted Storage

• Any files you place in the BestCrypt drive are encrypted

• When you unmount the drive, the drive letter disappears

Page 39: A disturbing comment on my blog…. Who is sux@boston.com?

Remote Backup

• Store files on a remote server

• Allows you to recover your files if something happens

• You can remove sensitive files from you computer, and retrieve them at a later time

Page 40: A disturbing comment on my blog…. Who is sux@boston.com?
Page 41: A disturbing comment on my blog…. Who is sux@boston.com?

Martus.org

• Martus is a software tool that allows users to create “bulletins”, uploading them at the earliest opportunity, and storing them on redundant servers located around the world

Page 42: A disturbing comment on my blog…. Who is sux@boston.com?
Page 43: A disturbing comment on my blog…. Who is sux@boston.com?
Page 44: A disturbing comment on my blog…. Who is sux@boston.com?
Page 45: A disturbing comment on my blog…. Who is sux@boston.com?
Page 46: A disturbing comment on my blog…. Who is sux@boston.com?
Page 47: A disturbing comment on my blog…. Who is sux@boston.com?

Martus.org

• Records are encrypted, stored securely at a remote site, backed up to multiple locations and protected by a unique password.

• After a bulletin has been designated as final by the user, it cannot be altered, ensuring that even an unauthorized user who may have obtained access cannot delete the group's records.

Page 48: A disturbing comment on my blog…. Who is sux@boston.com?

Some bad passwords:“fluffy” - Pet’s name (guessable)“010473” - Dates (guessable)“solitaire” - common words (vulnerable)

Dictionary attacks - take every word in a dictionary. Encrypt them. See if any one matches the password. If so, you’re in!

Better password: fluffy010473Even better: fluFFY0104&#

Page 49: A disturbing comment on my blog…. Who is sux@boston.com?

VGY&BHU*

Not very easy to remember…

Page 50: A disturbing comment on my blog…. Who is sux@boston.com?

VGY&BHU*

Very easy to remember… possibly too easy

Page 51: A disturbing comment on my blog…. Who is sux@boston.com?

99bob@TW

“Ninety nine bottles of beer on the wall”

Page 52: A disturbing comment on my blog…. Who is sux@boston.com?

The longer the betterMix of letters, numbers, symbolsUPPER and lowercase MiXeD

BUT

A good password is memorable without writing it down.A written password is a broken password.

Page 53: A disturbing comment on my blog…. Who is sux@boston.com?

If you can only remember one password, usePasswordSafe or PasswordGorilla…

Page 54: A disturbing comment on my blog…. Who is sux@boston.com?

Surveillance & Locations

• Low-tech (security camera placed at a cyber-cafe)

• Local (software on a specific PC, e.g. keystroke logger)

• Network/ISP• Internet backbone / Int’l

gateway

Page 55: A disturbing comment on my blog…. Who is sux@boston.com?

PC: Key Stroke Logger• Hardware or Software

that logs all key strokes• Intercepts passwords• Log files can be

transmitted to remote location

Page 56: A disturbing comment on my blog…. Who is sux@boston.com?

Packet Sniffing• Intercept network traffic• Protocol Analysis (HTTP

vs. SMTP)• Optionally, search for

specific strings (keywords, names, email addresses)

Page 57: A disturbing comment on my blog…. Who is sux@boston.com?

What Filtering Looks Like

Page 58: A disturbing comment on my blog…. Who is sux@boston.com?

Filtering: Where and How

• DNS filtering• IP filtering• URL filtering

Page 59: A disturbing comment on my blog…. Who is sux@boston.com?

Filtering

• Detecting Filtering– Sometimes an error is just an error– How can we tell?

• Responding to Filtering– Knowing how a site is filtered is extremely

important

Page 60: A disturbing comment on my blog…. Who is sux@boston.com?

Block Pages• Confirms a block• May contain category

information• May indicate tech used• View-Source:

– <ISUTAG filter="sf" url="http://www.playboy.com/" >

– <ISUTAG filter="local"

url="http://www.islah.tv/">

Page 61: A disturbing comment on my blog…. Who is sux@boston.com?

HTTP Headers• May identify filtering tech

– Iran: NEDAGET http://www.emrooz.ws/ HTTP/1.1

HTTP/1.x 403 Forbidden

X-Squid-Error: ERR_SCC_SMARTFILTER_DENIED

• 404 or 403– Distinguish between errors

• 302: Check Redirects– UzSciNetGET http:// forum.ferghana.ru / HTTP/1.1

HTTP/1.x 301 Moved Permanently

Location: http://ferghana.ru/

• 200: Blockpage?– Server header is good indicator

Page 62: A disturbing comment on my blog…. Who is sux@boston.com?

Network Interrogation

• Tools:– Traceroute

– TCP Traceroute

– Packet Sniffer

Page 63: A disturbing comment on my blog…. Who is sux@boston.com?

Key Questions

• Is the site filtered for sure?

• Is there an indication why it is filtered?

• When is it time to sound the alarm?

• When is it time to activate your circumvention strategy?

Page 64: A disturbing comment on my blog…. Who is sux@boston.com?

Circumvention Strategies

• Push strategies: content delivered to users.

• Pull strategies: enables users to access content.

Page 65: A disturbing comment on my blog…. Who is sux@boston.com?

Get to know your users

• Context and location of users• Spectrum from casual to committed• Servicing Users

– Sign-up profiles– Email list

• Identify users that want continued information– Interactivity – Updates

Page 66: A disturbing comment on my blog…. Who is sux@boston.com?

Info Management

• There will be windows of opportunity: it takes time for a site to be filtered

• Information you make public can be discovered by those who filter

• Develop responses to filtering that relate to your users

Page 67: A disturbing comment on my blog…. Who is sux@boston.com?

Responses

• Communication Strategy

• Mirroring Strategy

• Syndication Strategy

• Circumvention Strategy

Page 68: A disturbing comment on my blog…. Who is sux@boston.com?

Communications

• Sustain communication with users– Email– IM, Chat, SMS

• Advertise new locations– E.g. Google Ads

Page 69: A disturbing comment on my blog…. Who is sux@boston.com?

Mirroring

• Register multiple domain names

• Obtain accounts on several ISPs

• Have a technical mirroring solution ready

Page 70: A disturbing comment on my blog…. Who is sux@boston.com?

Our clever db trick…

Page 71: A disturbing comment on my blog…. Who is sux@boston.com?

Syndication

• CC/GPL for syndication options

• RSS– Third-party aggregators– RSS emailer– RSS mirrors

• P2P

Page 72: A disturbing comment on my blog…. Who is sux@boston.com?

Responses

Page 73: A disturbing comment on my blog…. Who is sux@boston.com?

Circumvention

Page 74: A disturbing comment on my blog…. Who is sux@boston.com?

Simple Circumvention

• Sometimes it’s a simple as removing “www” from the domain name

• Or accessing the IP directly or through an alternate domain name

• Or using the Google cache

Page 75: A disturbing comment on my blog…. Who is sux@boston.com?

Two Types of Users

• Providers: non-filtered locations

• Users: censored locations

• Successful circumvention relies on meeting the needs of both users.

Page 76: A disturbing comment on my blog…. Who is sux@boston.com?

Determining Needs and Capacity

• Bandwidth• User location• Level of technical expertise• Trusted contacts• Potential penalty• Full disclosure

Page 77: A disturbing comment on my blog…. Who is sux@boston.com?

Public vs. Private

• Public– Zero Trust– Could be blocked

• Private– Trusted contact– Low circulation

Page 78: A disturbing comment on my blog…. Who is sux@boston.com?
Page 79: A disturbing comment on my blog…. Who is sux@boston.com?
Page 80: A disturbing comment on my blog…. Who is sux@boston.com?
Page 81: A disturbing comment on my blog…. Who is sux@boston.com?

Not Anonymous

• If plaintext, the content of the session can be easily intercepted and analyzed by an intermediary such as an Internet Service Provider (ISP)

Page 83: A disturbing comment on my blog…. Who is sux@boston.com?

Modify Browser Setting

Page 84: A disturbing comment on my blog…. Who is sux@boston.com?

“Open” Proxy Servers

• Not secure, traffic is in plain text

• Not anonymous, proxy owner can intercept all traffic

• Often just misconfigured servers that are not intended for public use

Page 85: A disturbing comment on my blog…. Who is sux@boston.com?

Private Key encryption:- Fast- Secure- Strength proportional to key length

Works great for protecting my files.But what if I want to send a secret message to you?The problem: Key distribution.

Page 86: A disturbing comment on my blog…. Who is sux@boston.com?

Conventional encryption is symmetric:

“cipher” “djqifs” “cipher”

key key

Public encryption is not symmetric:

“cipher” “cgaone” “cipher”

Key A Key B

You can encode a message with Key A, but Key A is useless for decoding it. Weird! Key A = public key. Key B = private key.

Page 87: A disturbing comment on my blog…. Who is sux@boston.com?

Sender Recipient

In conventional encryption, I send a message to the recipient in a locked box.

Both of us have the key, and both of us can open the box.

Page 88: A disturbing comment on my blog…. Who is sux@boston.com?

Recipient

In public key encryption, the recipient first sends me an unlocked box to which only she has the key.

I lock my message inside and send the box to her…

Page 89: A disturbing comment on my blog…. Who is sux@boston.com?

Once I’ve locked the message in the box, I can’t read it, as I don’t have the key!

It’s safe for the recipient to send me a lock, as the lock doesn’t allow me to unlock a locked box.

(Weird.)

Why is it safe to send a credit card number over the internet?

Page 90: A disturbing comment on my blog…. Who is sux@boston.com?

When you request an https:// site, that site sends your browser a public key - an unlocked box. Your browser encrypts your information so only that site can read it.

Page 91: A disturbing comment on my blog…. Who is sux@boston.com?

Signed Certificates

• A Certification Authority (CA) digitally signs each certificate issued

• Each browser contains a list of CAs to be trusted • When the SSL handshake occurs, the browser

verifies that the server certificate was issued by a trusted CA

• If the CA is not trusted, a warning will appear 

Page 92: A disturbing comment on my blog…. Who is sux@boston.com?
Page 93: A disturbing comment on my blog…. Who is sux@boston.com?
Page 94: A disturbing comment on my blog…. Who is sux@boston.com?

Man-In-The-Middle Attack

Page 95: A disturbing comment on my blog…. Who is sux@boston.com?
Page 96: A disturbing comment on my blog…. Who is sux@boston.com?
Page 97: A disturbing comment on my blog…. Who is sux@boston.com?

Private Circumventors

• Leverages personal relations of trust

• Web-based circumventor on SSL-enabled webserver

• Circumvention & security is the focus, not anonymity or privacy

Page 98: A disturbing comment on my blog…. Who is sux@boston.com?

Civisec & Psiphon

• Psiphon is an encrypted webserver + web-based proxy

• It is designed for personal use, based on the circle of trust model

• It is private and decentralized

Page 99: A disturbing comment on my blog…. Who is sux@boston.com?

Psipon

• Users in non-censored countries download the software

• The location is shared with users your personally know and trust in censored countries

• The user in the censored country does not have to download any software

Page 100: A disturbing comment on my blog…. Who is sux@boston.com?

Redundancy

• The circle of trust is based on social networks

• This model can be optionally extended for redundancy

Page 101: A disturbing comment on my blog…. Who is sux@boston.com?
Page 102: A disturbing comment on my blog…. Who is sux@boston.com?
Page 103: A disturbing comment on my blog…. Who is sux@boston.com?

Extending Trust

• Pro– Redundancy– Larger user base

• Con– Increases chance of infiltration– Increases chance of blocking

Page 104: A disturbing comment on my blog…. Who is sux@boston.com?

Anonymous Communications Systems

• Anonymity is protected from:– ISP– Circumvention system– Content server

• Examples– Java Anonymous Proxy– TOR

Page 105: A disturbing comment on my blog…. Who is sux@boston.com?

Explaining Tor

Page 106: A disturbing comment on my blog…. Who is sux@boston.com?

Downsides of Tor

• - slow

• dangerous if you’re the only one using it

• Hard to use?

Page 107: A disturbing comment on my blog…. Who is sux@boston.com?

We tend to treat email like it was private.It’s not.

In the US, if your employer provides your email, he is permitted to read it. Many do.

The administrator of your mail system can read your unencrypted email. How well do you trust your sysadmin? The sysadmin on the receiving end?

If anyone is sniffing packets on your network, they can read all unencrypted traffic - including email.

Page 108: A disturbing comment on my blog…. Who is sux@boston.com?

Ask your sysadmin if they support IMAPS or POPS. Most do, and most will thank you for using it.

Page 109: A disturbing comment on my blog…. Who is sux@boston.com?

When using web-based mail, use services that use https. Try this - https://gmail.google.com

Page 110: A disturbing comment on my blog…. Who is sux@boston.com?

Using Thunderbird with OpenGPG

Even with https, the email is still vulnerable on the server and your hard drive. Enter PGP…

Page 111: A disturbing comment on my blog…. Who is sux@boston.com?

Enigmail requires Thunderbird, GPG (a PGP implementation) and the Enigmail package.

Page 112: A disturbing comment on my blog…. Who is sux@boston.com?

Using pgp.mit.edu to find a public key.Is the key legit?

Page 113: A disturbing comment on my blog…. Who is sux@boston.com?

PGP users “sign” each other’s keys - this verifies that the person using the key is actually the person associated with it.

Page 114: A disturbing comment on my blog…. Who is sux@boston.com?

When a PGP-encrypted email arrives, Thunderbird asks you to enter your passphrase to decrypt. Also alerts you to signed mail.

Page 115: A disturbing comment on my blog…. Who is sux@boston.com?

Hushmail - PGP made easy (okay, easier.)

Page 116: A disturbing comment on my blog…. Who is sux@boston.com?

+

+

Near-anonymous blogging

Page 117: A disturbing comment on my blog…. Who is sux@boston.com?

Tor installed, ready to go…

Page 118: A disturbing comment on my blog…. Who is sux@boston.com?

Torpark - torpark.nfshost.com - Tor on a USB key!

Page 119: A disturbing comment on my blog…. Who is sux@boston.com?

If you’re concerned that your blog will get you into trouble, blog from an unmonitored cybercafe, and use Torpark on

a USB key.

Page 120: A disturbing comment on my blog…. Who is sux@boston.com?

Make sure Tor is working before relying on it.http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1

Page 121: A disturbing comment on my blog…. Who is sux@boston.com?

When using the web through Tor, your IP address is hidden - you appear to be coming from a different IP.

Page 122: A disturbing comment on my blog…. Who is sux@boston.com?

Set up a hushmail account with a name that is not easily linked to you.

Page 123: A disturbing comment on my blog…. Who is sux@boston.com?

Why we don’t recommend Hotmail…

Page 124: A disturbing comment on my blog…. Who is sux@boston.com?

Or Yahoo! Mail…As long as you sign up via Tor, you’d be okay…

Page 125: A disturbing comment on my blog…. Who is sux@boston.com?

But gmail…

Page 126: A disturbing comment on my blog…. Who is sux@boston.com?

…and hushmail don’t report your IP in their headers.

Page 127: A disturbing comment on my blog…. Who is sux@boston.com?

Still using Tor, and using your new hushmail account, sign up for a Wordpress blog.

Page 128: A disturbing comment on my blog…. Who is sux@boston.com?

The process isn’t perfect. Wordpress doesn’t expect you to be using Tor, and chokes occasionally. Ignore the errors and keep going…

Page 129: A disturbing comment on my blog…. Who is sux@boston.com?

Wordpress will send an email to your hushmail account. Respond - using Tor - to activate the new blog.

Page 130: A disturbing comment on my blog…. Who is sux@boston.com?

Your brand new, highly secure, hosted blog!

Page 131: A disturbing comment on my blog…. Who is sux@boston.com?

Using Tor, you can start posting. But one concern remains:

Page 132: A disturbing comment on my blog…. Who is sux@boston.com?

Sleepless in Sudan: Aid worker blogging from Darfur, highly critical of Sudanese government. Needs to remain completely anonymous.

Page 133: A disturbing comment on my blog…. Who is sux@boston.com?

We know the Khartoum government is watching Sleepless’s blog.

We know they can watch all Internet traffic coming out of Sudanese ISPs.

Every time something is posted to the blog, there’s a request from a specific IP to a Tor server…

Sleepless must be posting through Tor - let’s arrest her!

Page 134: A disturbing comment on my blog…. Who is sux@boston.com?

Changing timestamps to prevent timing attacks. Consider putting the date 5-15 minutes ahead of time - the blog will autopublish once you’ve already logged out!

Page 135: A disturbing comment on my blog…. Who is sux@boston.com?

To stay anonymous:

- Post, email and comment through Tor or another proxy.- Minimize information that could only have come from you.- Post from unmonitored public computers (danger of keystroke logging! )- Post from your machine (danger that you’re one of very few people using Tor/Proxy!)- Don’t be stupid.

Page 136: A disturbing comment on my blog…. Who is sux@boston.com?

Why you should not be anonymous:

-Identify yourself and by default, you’re trusted. Conceal yourself and by default, you’re not.

- Secrecy leads to speculation - is Salam Pax a CIA agent? An al-Qaeda member?

- Need to build your reputation as an anonymous blogger over many posts.

- If you can’t blog without being anonymous, be anonymous. If you can, seriously consider blogging in your own name.

Page 137: A disturbing comment on my blog…. Who is sux@boston.com?

Why is “Inside PCIJ” the top result for “gloria garci”?

Page 138: A disturbing comment on my blog…. Who is sux@boston.com?

How Google works… (sort of)

When you search for a term, you get web pages that include that term.

They’re ranked by “authority”.

“Authority” = popularity = incoming links(adjusted for spam, freshness, link farms)

PageRank - algorithm that determines authority of a page…

Page 139: A disturbing comment on my blog…. Who is sux@boston.com?

mypagerank.netRank: 0-10, logarithmic.Yahoo = 9, Google = 10

PCIJ’s blog is a “6” - pretty good!

Page 140: A disturbing comment on my blog…. Who is sux@boston.com?

Manila Standard is a “4”.Not so good.PCIJ is 100x more authoritative.

Page 141: A disturbing comment on my blog…. Who is sux@boston.com?

How much do we trust Jeff Ooi?

Page 142: A disturbing comment on my blog…. Who is sux@boston.com?

Google says Jeff is a “6”!

Page 143: A disturbing comment on my blog…. Who is sux@boston.com?

Who links to Jeff? Technorati.com

Page 144: A disturbing comment on my blog…. Who is sux@boston.com?

1794 links from 822 sites, #1,125 in the world!

Page 145: A disturbing comment on my blog…. Who is sux@boston.com?

Who links to Jeff… and why?

Page 146: A disturbing comment on my blog…. Who is sux@boston.com?

Why we link:

- Participate in conversations

- Reinforce social ties (blogroll)

- Ask for links back to our work

If you want links to your blog, link to other blogs. Comment on other blogs. Answer your own comments. Start conversations.

Page 147: A disturbing comment on my blog…. Who is sux@boston.com?

Blogpulse.com

Page 148: A disturbing comment on my blog…. Who is sux@boston.com?

pubsub.com

Page 149: A disturbing comment on my blog…. Who is sux@boston.com?

Tags identify blog content

Page 150: A disturbing comment on my blog…. Who is sux@boston.com?

Jordanplanet.net - a national blog aggregator

Page 151: A disturbing comment on my blog…. Who is sux@boston.com?

Posts from blogs, blogroll…

Page 152: A disturbing comment on my blog…. Who is sux@boston.com?

Virtual communities are also real-world communities. We link to people we know…

Page 153: A disturbing comment on my blog…. Who is sux@boston.com?

The Kaybees - Kenya’s national blogawards…

Page 154: A disturbing comment on my blog…. Who is sux@boston.com?

Clay Shirky - Weblogs and Power laws

Page 155: A disturbing comment on my blog…. Who is sux@boston.com?

Popular blogs - 10,000+ incoming links

Page 156: A disturbing comment on my blog…. Who is sux@boston.com?
Page 157: A disturbing comment on my blog…. Who is sux@boston.com?

Making friends with the A-List:

- Don’t beg.

- Know what they write about.

- Link before you ask.

- At a certain point, bloggers are journalists - disclosure of conflicts, transparency about linking.