Categories
Humour

Ceiling Vic

I love this rehash of ceiling cat

Categories
Links

Tracking by GSM

From Ars Technica:

The attack works by exploiting features in GSM, or Global System for Mobile Communications, cellular networks that transmit data sent between base stations and phones in clear text. By simply calling the target’s mobile number and monitoring the network’s radio signals as it locates the phone, the attacker can quickly confirm if the person is located in what’s known as the LAC, or Location Area Code. Attackers can use the same technique to determine if the target is within close proximity to a given base station within the LAC.

This is helpful for figuring out where, in a specific geographic area, a person is or (in case you’re interested) where they aren’t. This latter use – clarifying that a person isn’t in a specific LAC – is particularly useful if you are launching some action that is made easier by a person’s non-presence. (Hint: Think burglary).

This new GSM attack builds on other research around monitoring a person’s location by exploiting mobile phones. For a good overview of the information used in similar kinds of surveillance, see Claudio A. Ardagna et al.’s chapter in Digital Privacy: Theory, Technologies, and Practices.

Categories
Aside Links

iOS is a Security Vampire

I’m sorry, but what Path did is (in some jurisdictions, such as my own) arguably a criminal offence. Want to know what they’ve been up to?

When developer Arun Thampi started looking for a way to port photo and journaling software Path to Mac OS X, he noticed some curious data being sent from the Path iPhone app to the company’s servers. Looking closer, he realized that the app was actually collecting his entire address book — including full names, email addresses, and phone numbers — and uploading it to the central Path service. What’s more, the app hadn’t notified him that it would be collecting the information.

Path CEO Dave Morin responded quickly with an apology, saying that “we upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.” He also said that the lack of opt-in was an iOS-specific problem that would be fixed by the end of the week. [emphasis added]

No: this isn’t an ‘iOS-specific problem’; it’s an ‘iOS lacks an appropriate security model and so we chose to abuse it problem’. I cannot, for the life of me, believe that Apple is willing to let developers access the contact book – with all of its attendant private data – without ever notifying the end user. Path should be tarred, feathered, and legally punished. This wasn’t an ‘accident’ but a deliberate decision, and there should be severe consequences for it.

Also: while the Verge author writes:

Thampi doesn’t think Path is doing anything untoward with the data, and many users don’t have a problem with Path keeping some record of address book contacts.

I think that this misses a broader point. You should not be able to disclose mass amounts of other people’s personal information without their consent. When I provide key contact information it is for an individual’s usage, not for them to share my information with a series of corporate actors to do whatever those actors want with it. The notion that a corporation would be so bold as to steal this personal information to use for their own purposes is absolutely, inexcusably, wrong.

Categories
Humour

Watch Out, It’s the Feds!

A cute representation. If it’s saved, and aggregated, it’s a sweet target for the Feds!

Categories
Links

Weapons-Grade Data

Cory Doctorow being brilliant in sprucing up the metaphor that personally identifiable data is like nuclear waste. While the metaphor isn’t new, Doctorow does a great job as only a novelist can.

Every gram – sorry, byte – of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop’s CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughed up a month’s worth of travelcard data, there will be no containing it.

And what’s worse is that we, as a society, are asked to shoulder the cost of the long-term care of business and government’s personal data stockpiles. When a database melts down, we absorb the crime, the personal misery, the chaos and terror.

 

Categories
Links

The stranger danger: Exploring Surveillance, Autonomy and Privacy in Children’s Use of Social Media

A really terrific paper on social media and ‘stranger danger’. You should read it.

Categories
Quotations

The NSA was quite aware that many new network systems were being built rapidly during the dotcom boom, and if cryptography wasn’t built in at the start, it should usually be too expensive to retrofit it later. So each year the NSA held the line on crypto controls meant dozens of systems open to surveillance for decades in the future. In these terms, the policy was successful: little of the world’s network traffic is encrypted, the main exceptions being DRM-protected content, Skype, the few web pages that are protected by TLS, opportunistic TLS encryption between mail servers, SSH traffic, corporate VPNs and online computer games. Everything else is pretty much open to interception – including masses of highly sensitive mail between companies.

~R. Anderson. (2008). Security Engineering: Second Edition. Indianapolis: Wiley Publishing Inc. Pp. 795.

Categories
Humour

The Walls: They Have Eyes

On Lookout by CCTV

 

Categories
Humour

You are under surveillance

mainstreamrevolution:

You are under surveillance

An awesome piece. It’d be fabulous if someone *cough cough* printed a few hundred of these and started putting them up throughout the US in public spaces.

Categories
Links

Iran clamps down on internet use

From the Guardian a while back, we learn:

Iran is clamping down heavily on web users before parliamentary elections in March with draconian rules on cybercafes and preparations to launch a national internet.

Tests for a countrywide network aimed at substituting services run through the world wide web have been carried out by Iran’s ministry of information and communication technology, according to a newspaper report. The move has prompted fears among its online community that Iran intends to withdraw from the global internet.

The police this week imposed tighter regulations on internet cafes. Cafe owners have been given a two-week ultimatum to adopt rules requiring them to check the identity cards of their customers before providing services.

Since the Green Revolution the Iranian government has massively committed resources to identifying and undermining Iranian citizens’ ability to communicate with one another using electronic systems. From their integration of deep packet inspection into their main ISP networks – and configuring them to identify and stop some kinds of encrypted traffic – to the creation of cyber-police, and now attempts to physically identify those who use public computers, it is getting harder and more dangerous for Iranians to communicate with one another over the Internet.

 
