Your point is valid in a lot of ways, but then again… IMHO, if people want to use information in a “sinister” way, be it real estate or something else, there’s nothing stopping you from doing some wardriving, logging to maps, finding points of interest, and getting the blueprints somewhere else. I have to admit, I don’t how things are in the US, but here, when it comes to real estate, blueprints can be bought very cheap from the city planners office with no questions asked what s ever.

So, maybe it isn’t so much a discussion about “what” info there should be floating around, opposed to how easy it is to get without some logging on _who_ got the information, and for what purpose….

just a thought..

Multiple sources of data will be indexed and mashed up against each other. Searching by location to find the highest income individual in an area, and a full bio on them. An article in the current 2600 sums it up better than I can. Database of marriage licenses and birth records correlated to find maiden names: security words. Author says and exploit that works against .01% of a big number is still a big number

The amount of information readily available in public data sources can be benign by themselves. When they are all referenced together is when things get scary. It brings me to the realization that much of our societies idea of ‘security’ is in fact obfuscation that can readily be brought to light.

I like your comment although rather long. Question: do you agree that more accessible information has made you more vulnerable than ever, before? If yes, than you see my point.

pdp

I read the article and I couldn’t resist on giving my opinion.

First of all we can not deny that apps like Zillow has two faces: one is the development of marvellous dynamic applications that are extremely useful for the “good guys”, and another that is equally useful for the “bad guys”. Like it or not, that is the fact.

But as pdp says, we can not Ban this apps just because they have “another” use; or should we ban Wireless transmissions based on 802.11x just because they can be eavesdropped or misused?? There is a reality in all this, and this is that people have to be more up to date with different security issues, and I don’t just mean in the Internet.

The paradox resides in that regular people are not informed and that makes the real security issue in these cases. Clearly now, the inners of their homes are exposed to everyone. I take this chance to thank you, pdp, for this Great Blog and to apologize for my poor English.

Regards,
averno.

Your fear is merely your interpretation of stuff humans have been thinking more or less since we began thinking. We come up with a good idea, and someone else uses it in another way. Often this is beneficial; practically all new inventions or theories are based on modifications of an older version. Whomever came up with the idea of a master key that would open any of their locks probably saved a lot of safes, meanwhile another person soon realized that if they could steal one, or forge it, they could break into lots of safes.

What I think you’re overlooking is the fact that we, as humans, have been dealing with the cons from our pros for eons. There are people, like myself, whose job it is to figure out how to secure things. Most of us don’t spend our time coming up with ideas for the criminals to abuse…instead; we consider how to secure the stuff people are concerned about.

Consider:
- Is the app going to actually give criminals information that would lead them to target a given home? Probably not. Standing outside or simply driving by should give them a good enough idea regarding which is a likely target. Why would they want to pick only one anyway?
- Is the app going to give war-drivers more information than they can already get? Again, probably not. So what if there’s coax or telephone lines, how will that tell you more? Driving by and seeing a FIOS box or a cable truck from Company XYZ will tell you more.

Finally, does any of this matter if I have decent locks, a reasonable security system, and insurance?

Perhaps your concerns were focused more on the privacy aspect? Even there, if you’ve taken pictures inside your house and given them to a lister, you’ve already asked that they make them available to the public…haven’t you? Those details, which you somehow perceive as being abused, are the very things which may get you the money you want for the sale of your house. You can’t have your cake and eat it too! Regardless, the choice is still yours.

In the end, however, I’d ask you to ask yourself…are you truly thinking of ways to better secure people…or are you thinking of criminal acts not yet thought of? If it’s the latter, perhaps there’s a better use for such thoughts than publication to wanna-be criminals-at-large rather than making suggestions about how to use new devices criminally.

I understand that Alexander and especially David want to tone it down, but it’s still possible what PDP says. People laughed when Apple released their iPod, and who knew people would use Google Maps for finding pools to swim in.

I’m pretty sure some chuckled when they read or saw the movie 1984.

I must say it’s really bad to see someone using a strawman argument. Yes, the stone example is a perfect example of a strawman. It’s like when someone says we should ban cars, because they can kill people.

PDP addresses a really good subject. Just look at the information we have access to now. To visit USA I had to go there. Now I can just go on Google Maps and even look at someone front door. I have no intentions on using this information for criminal activities, but I can with 100% confidence tell you that there is people who will.

And punishment won’t stop people from committing the crime. Education will!

Again, great article!

The street names in the area surveyed are all wrong, the values on the home are incorrect. But the GPS and images were spot on.

I hope potential attackers think long and hard before trusting this sort of data. Google Maps and an MLS site would probably get you a lot further. For more infromation city hall might be the place to check…

The best thing about the information age is so much of the data is crap. Interesting post, I could defiantly see how this could be a useful tool if the data was more reliable. The whole town is messed up.

nowadays, all that info is dumped into databases and apps like zillow make it accessible.

it isn’t really a new vuln, because attackers can do recon with or without zillow. the bar is just lowered for attackers and raised for defenders.

traditional home defenses beyond obscurity (locks, alarms, dogs, weapons, piles of dirty underwear, etc) don’t loose effectiveness when zillow is introduced. thusly, it kinda reinforces that obscurity isn’t defense, but is more like keeping off the radar…

imho :)

useful for terrorists, Scheier always thinks this stuff is movie plot material, well guess what 9/11 was no movie plot, it happened due to technological advancements. Information in that sense is power.

But as always, we think it’s innocent untill it gets abused.

But as pdp already say, at the start of the e-mail nobody thought if missusing it. And now everybody is aware of the Spam.

This can happen to this application too. I would also go this far to say that with everyinformation you can do harm or not.

It is up to the ppl to decide what to do. And it is also up to us to whatch over what ppl are doing with information since information can also be used as a “weapon”. It would be foolish to believe that information will only be used for the purpose it was created.

Banana

Thanks for stopping by. Please do not interpret my efforts to start a conversation as a personal attack against Zillow. Your video just happened to grab my attention.

You are correct that Zillow provides already public information. That’s not the problem. The problem is that this information, regardless how harmless it my look to you, could be used for sinister purposes when combined with other sources of information and tools. In other words, your application, although obviously useful to many, facilitates easier research for malicious purposes.

Zillow is among all other web2.0 enabled services out there. I am not arguing that we should abolish these tools and stop using them because of security and privacy concerns. I am only arguing that the web2.0 meme facilitates a different kind of future which mostly relays on openness. I am also arguing that web2.0 tools facilitate that openness in an unimaginable ways. And that is my only argument.

Keep in mind that I am not anti-web2.0 person. I am running web2.0 infrastructures myself in other projects unrelated to GNUCITIZEN.

I must agree with Alexander.

Property information is actually part of the public record in the US. We as a society decided that things like property taxes and transactions would be more likely to be fair if they were publicly recorded. Zillow uses that information and additional details posted by our users to empower home-shoppers with data and functionality useful for selling, buying and financing a home.

We are certainly sensitive to owners’ privacy concerns (which vary greatly.) Ownership information, for example, is also part of the public record, but Zillow selects not to display it.

As we’ve seen from the success of the Zillow iPhone app, people find the real estate data Zillow publishes very useful while visiting homes for sale … or simply walking around the neighborhoods. Nothing sinister about it!

Thanks for the comment. I just want to make clear that some of the posts are not meant to point and expose security issues but to start a dialog. I saw the video and I thought that it is an interesting thing that can be shared. My aim is not to ban applications :) but rather than elaborate how these applications, that data that is out there but yet undiscovered, can be used to create insecure situations or scenarios.