
We would like to think that the devices we purchase are things we own and control, and that the accounts we create in social-media space to represent us also belong to us. If schools loan laptops to kids, we assume that they're for the kids' own use and are not going to be used against them by school staff in some nefarious way.

But if you're tracking news on privacy and technology, you probably understand that these beliefs are ... well ... they're fantasy. Or at least they're old-school. Such assumptions are becoming less true over time.

Beneath the fold: six ways your electronica and social-media providers own you.

FinSpy: who's tracking your every e-mail?

Tinfoil milliners, pay attention, please. Not that a hat would help in this case.

On 30 Aug 2012, the NY Times ran a story titled "Software Meant to Fight Crime Is Used to Spy on Dissidents." The gist is that software is being used to spy on people that governments find ... inconvenient. This despite the software's purported intent: to help police in "a country that obeys the rule of law" to catch nasty people committing nasty crimes. From the NYT article, bold emphasis added:

The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men [featured in the article] said they discovered mobile versions of the spyware customized for all major mobile phones.

But what made the software especially sophisticated was how well it avoided detection. Its creators specifically engineered it to elude antivirus software made by Kaspersky Lab, Symantec, F-Secure and others.

The software has been identified as FinSpy, one of the more elusive spyware tools sold in the growing market of off-the-shelf computer surveillance technologies that give governments a sophisticated plug-in monitoring operation. Research now links it to servers in more than a dozen countries, including Turkmenistan, Brunei and Bahrain, although no government acknowledges using the software for surveillance purposes.

The market for such technologies has grown to $5 billion a year from "nothing 10 years ago," said Jerry Lucas, president of TeleStrategies, the company behind ISS World, an annual surveillance show where law enforcement agents view the latest computer spyware.

FinSpy is made by the Gamma Group, a British company that says it sells monitoring software to governments solely for criminal investigations.

[...] FinSpy gained notoriety in March 2011 after protesters raided Egypt’s state security headquarters and discovered a document that appeared to be a proposal by the Gamma Group to sell FinSpy to the government of President Hosni Mubarak for $353,000. It is unclear whether that transaction was ever completed.

You don't control your expensive iPhone ... Apple controls your expensive iPhone

Also in August of last year -- the very next day following the NYT article excerpted above, in fact -- Devin Coldewey wrote about a new Apple patent in an article titled "Apple patent would disable phone based on location" (bold emphasis added below).

Among a bevy of patents awarded to Apple this week was one that would enable or disable certain features of a phone depending on its location. It could be useful, but it also raises serious questions about who really owns your device.

The patent, "Apparatus and methods for enforcement of policies upon a wireless device," was pointed out by Apple Insider Thursday. It's similar to an application made public in 2011 that would use a sensor in the phone to detect whether it was allowed to take pictures or make calls. The new patent relies on GPS, cell tower or Wi-Fi data to determine location, and then "changing one or more functional or operational aspects" of the device.

What kinds of serious questions does this patent raise?

That same news-day, Mark Frauenfelder posted to BoingBoing an item titled "Apple granted patent for location-based camera phone disabling." Frauenfelder quoted from the patent application describing the ability to apply "policies" to devices so that their function is limited or disabled in "sensitive locations," then observed (bold emphasis added):

I imagine movie theaters would be the first to use this remote disabling feature (if Apple ever decides to move ahead with this technology; just because they have a patent doesn't mean they'll use it). The paranoid side of me imagines governments using it to prevent citizens from communicating with each other or taking video during protests.

That's interesting, 'cuz that's what the 'paranoid' side of me imagines too. Maybe even the same sorts of governments who would pay six figures or more for the use of FinSpy.

Do you know whether your local school district is spying on your children tonight?

I didn't catch this story when it happened (I learned about it from a webcast I watched last month). The gist: a school district in suburban Pennsylvania loaned laptops to students in 2010, then used software installed on the laptops to spy on them. Yes, you read that right. To spy on children.

"Spy" in this case includes turning on the cameras while the kids were using their laptops at home, including in their bedrooms. Here's the gist from Wikipedia's article about the class action lawsuit brought in the matter, Robbins v. Lower Merion School District, sans extensive links to fascinating footnotes (bold emphasis added):

[...] in what was dubbed the "WebcamGate" scandal, the schools secretly spied on the students while they were in the privacy of their homes. School authorities surreptitiously and remotely activated webcams embedded in school-issued laptops the students were using at home. After the suit was brought, the school district, of which the two high schools are part, revealed that it had secretly snapped more than 66,000 images. The suit charged that in doing so the district infringed on its students' privacy rights. A federal judge issued a preliminary injunction, ordering the school district to stop its secret webcam monitoring, and ordered the district to pay the plaintiffs' attorney fees.

The lawsuit was settled 'to protect taxpayers' ... see "School settles laptop spying case to 'protect taxpayers'" on Ars Technica.

Your phone is tracking your movement while shopping?!!

Fast forward to last week, when Quentin Hardy blogged on the NY Times that your phone's WiFi antenna is being used to monitor your movements in certain stores, from when you enter 'til when you leave, capturing where in the store you go (and thus what merchandise you're checking out), and how long you stay. This monitoring happens whether or not you're using your device to connect to the internet, or to make a phone call. Nope. That phone you're carrying, unused, in a pocket or purse or backpack is reporting on you in any case. From 7 March 2013, in "Technology Turns to Tracking People Offline" (bold emphasis added below):

The big initial use is the so-called bounce rate, or the percentage of people who come into the store who leave without making a purchase. But the technology also helps stores make sure that there is enough sales help or that enough registers are open. By seeing how people move in a store, retailers can also better determine where to place low-profit and high-profit items.


Computers are already recognizing people moving around, both voluntarily and involuntarily. [...] at a conference in Santa Monica, Calif., held by the Montgomery and Company investment firm [...] a company called Omnilink, which makes ankle devices for people under home arrest, talked about plans to expand into monitoring elders, children, workers on their own in the field and the infirm.

So now you can think of that smartphone as the key to having an intimate relationship with Big Brother. But don't worry. They'd never use your own phone to target you in a drone attack. Would they?

Even Deans at Harvard get their e-mail secretly inspected. Why should you be immune?

Can you imagine a more august and privileged group of individuals, a group of individuals to whom more deference is paid, than the faculty of Harvard University? I mean, okay: short of England's royal family, or Donald Trump when he's surrounded by trembling toadies.

Well, deference didn't stop Harvard's administrators from secretly spying on 16 faculty members who hold the role of "resident deans" ... nope, those nosy administrators wormed their way into the professors' e-mail accounts, looking to unmask a suspected 'culprit' who shared information with the press about a cheating scandal. From the NY Times, dateline 10 March 2013, "Harvard E-Mail Search Stuns Its Faculty Members":

"I think what the administration did was creepy," said Mary C. Waters, a sociology professor, adding that "this action violates the trust I once had that Harvard would never do such a thing."

[...] Though some professors were disinclined to speak to a reporter, they showed less restraint online, where sites were buzzing with the news, and several professors said the topic dominated the faculty’s private conversations.

On his blog, which is closely followed by many people at Harvard, Dr. [Harry R.] Lewis[, a professor and former dean of Harvard College,] called the administration’s handling of the search "dishonorable," and, like some of his colleagues, said the episode would prompt him to do less of his communication through his Harvard e-mail account, and more through a private account.

I hope Professor Lewis's idea of "a private account" isn't one provisioned by a behemoth like Google or Microsoft. You've got to figure that these companies are going to pay even less deference to Harvard faculty than the administrators at Harvard University. And it's pretty hard to imagine that all the Harvard faculty who follow Lewis' example are going to read the fine-print Terms of Service that pretty much nobody but the folks at the Electronic Frontier Foundation reads anyway.

Google Glass: Who's Watching Whom???

Everybody from CNN to CNET to TechCrunch is gushing over the latest news about Google Glass, a wearable interface to the greatest data farm on Earth, livestreaming data to and from your eyeglasses to ... wherever. At the SXSW show yesterday, Google spoke to developers about the interface -- the Mirror API -- that programmers will use to build apps for Google Glass.

The hype from Google's Timothy Jordan, as reported on TechCrunch, in a story with a very long headline:

As part of today’s presentation, Jordan also detailed some Glass apps Google has been working on itself, and apps that some of its partners have created. The New York Times app, for example, shows headlines and then lets you listen to the full article by telling Glass to “read aloud.” Google’s own Gmail app uses voice recognition to answer emails (and it obviously shows you incoming mail, as well). Evernote’s Skitch can be used to take and share photos, and Jordan also showed a demo of social network Path running on Glass to share your location.

But it doesn't take much imagination to visualize sidewalks full of people using their glasses to snap photos and shoot video of whatever they find interesting ... including you. James Kendrick wrote yesterday for ZDNet's Mobile News, an article titled "Google Glass: Expect widespread usage bans over privacy concerns." Yes indeed. Excerpting:

A bar in Seattle has already generated buzz in tech communities with a preemptive strike against Google Glass. The proprietor doesn't want patrons to have to worry that someone with Google Glasses might be snapping photos. His patrons come in for privacy and he wants to keep it that way.

That may have been nothing more than a publicity stunt but it portends a greater problem for Google Glass. When the general public becomes aware of Google Glass and exactly what it does, expect to see a lot of reactions similar to that of the Seattle bar owner.

Is this a matter of your devices owning you, or of someone else's devices owning you? Well, both actually. When a Google Glass-wearing minion passes you on the sidewalk, you're the data being streamed to Google and ... wherever. But once s/he has passed? Everything the glass-wearer does, everywhere s/he goes, whatever s/he says to whomever: combine that with FinSpy or the WebcamGate software and everything about that glass-wearer is tracked and analyzed, by agents and for reasons over which s/he has zero control.

Google Glass is expected to begin rolling out to software developers and others later this year.

Are you feeling like somebody's looking over your shoulder?

Bottom line: Today somebody just might be peeking out of your pocket. Next year, warnings to beware the evil eye will begin to take on whole new data dimensions of meaning.

This diary is cross-published from the author's blog, One Finger Typing

Originally posted to Steve Masover on Tue Mar 12, 2013 at 09:46 AM PDT.

Also republished by Community Spotlight.


  •  very interesting; tx for diary (8+ / 0-)

    We Must DISARM THE NRA The next life you save may be ONE OF YOUR OWN!

    by SeaTurtle on Tue Mar 12, 2013 at 10:13:54 AM PDT

  •  All your database are belong to U.S. (9+ / 0-)

    just saying . . .

  •  and your shoes (4+ / 0-)
    "We developed a shoe that could talk and tell you things--that could pick up enough information about your exercise, whether you're walking, running, moving fast or slow," says Percifield. "From there, we developed the personality, and then added the phrases and connection. Not only does it have a personality and it actually talks to you, but it interacts with your social networks."

    guns are fun v. hey buddy, watch what you are doing -- which side are you on?

    by 88kathy on Tue Mar 12, 2013 at 10:17:16 AM PDT

  •  Good points, but the diary title ... (7+ / 0-)

    ... irks me a great deal.

    This is not "your electronica owns you".  This is "the people who sell you electronica still own the devices they sell you, and also own all the data you put into those devices."

    It's not the tools; it's the people.

  •  Although I have been aware of some of these (1+ / 0-)
    Recommended by:

    privacy invasions in the past, the technology is growing so fast that it is hard to keep up.

    And I have felt somewhat protected because as much data as is being collected will still need human eyes to determine its worth. And that is a lot of data to review, even if computers can use keywords to do an initial filter.

    We must not confuse dissent with disloyalty - Edward R. Murrow

    by Susan Grigsby on Tue Mar 12, 2013 at 04:06:57 PM PDT

    •  Human eyes? Not necessarily: "LCohen" below (5+ / 0-)

      a good example: someone with an Android phone takes a photo of a book or a bottle of wine, and through the magic of algorithmic image analysis Amazon figures out what the Android-owner is looking at (taking a picture of) and proves it by sending a coupon for the item in question.

      Now "ewhac" suggests this is an app that the Android phone owner installed, which may well be so (I don't know, but it sounds plausible to me). But that's not the thing to worry about when it comes to determining whether "human eyes" are necessary to make sense of image or other data piped through your electronic devices to some server in the sky.

      Facebook looks at your photos and "knows who your friends are" (link is to an article).

      Google will take an image you upload (or point to with a URL) and find other images like it. Try it with the little camera icon on the right side of the search-input field for Google Images.

      No human eyes involved....

      •  As far as info for commercial vendors like (1+ / 0-)
        Recommended by:

        Amazon, I don't really care. I would rather have ads that are focused on things I am interested in than not. If my TV worked that way I wouldn't have to watch commercials for underarm testosterone during the dinner hour.

        I was more concerned about government oversight.

        That said, the difference between our government and corporate interests is getting smaller every day.

        Facebook Likes can also tell a lot about a person according to research done at the University of Cambridge as was reported today on TG Daily.

        Some Likes had a strong but seemingly incongruous or random link with a personal attribute, such as Curly Fries with high IQ, or That Spider is More Scared Than U Are with non-smokers.

        We must not confuse dissent with disloyalty - Edward R. Murrow

        by Susan Grigsby on Tue Mar 12, 2013 at 06:53:39 PM PDT

        [ Parent ]

  •  Seems innocuous (8+ / 0-)

    but I found it disturbing when on Friday a fellow dinner party guest took a photo of a cookbook on his Android phone and instantly received an Amazon coupon for the book. Same thing happened when we tested it on a wine bottle. Apparently your camera photos belong to Google.

    I am not going to sit here and be an idle spectator to the diminution, the subversion, the destruction, of the Constitution. Barbara Jordan

    by Lcohen on Tue Mar 12, 2013 at 04:38:22 PM PDT

    •  It does make you nervous, doesn't it? (n/t) (1+ / 0-)
      Recommended by:
    •  Installed SW? (5+ / 0-)

      That sounds like a "feature" provided by Amazon Marketplace, and not the default Google stuff.  (Did your guest have Instant Upload turned on?)

      I think it might be an interesting social experiment to randomly select 1000 or so Android phone users, sit them down in front of the entire Settings/Preferences hierarchy and see which entries they understand and how well.

      •  "Default Google stuff" doesn't mean much... (1+ / 0-)
        Recommended by:
        Throw The Bums Out

        when most Android phones are running customized software provided by the carrier. Lots of them have crap like Amazon stuff pre-installed and activated.

        I'm sure companies like Amazon are trying to push wireless carriers to include their apps by default... (It'd be bad business sense not to!)

        Not many people have a "stock" build of Android software without some sort of additional junk being installed. The ones who do are probably the few who would actually pass your proposed test of going through Settings/Preferences. :)

        •  Actually, it's harder than that. To install a (1+ / 0-)
          Recommended by:

          "stock" build of Android you have to actually hack your phone because normally the bootloader will only boot a digitally signed and approved version of the OS.  In the case of my Thunderbolt that meant installing Linux in Virtualbox (because for some reason Windows ADB didn't work right), downgrading the kernel on the phone manually using a security exploit and the dd command, downgrading the ROM/OS, using another security exploit to make the NAND/flash writable, replace the bootloader via the command line and "dd" again, then install whatever version of Android you want.  On the other hand, the Galaxy S3 only required installing a custom recovery via ODIN (only a few clicks and turning on the phone with the home and volume buttons pressed) and then installing the unlocked bootloader.

          You have watched Faux News, now lose 2d10 SAN.

          by Throw The Bums Out on Tue Mar 12, 2013 at 08:29:45 PM PDT

          [ Parent ]

          •  Well, or buy a Google Nexus/etc, though I've done (2+ / 0-)
            Recommended by:
            Throw The Bums Out, nightsweat

            the unlock drill on a few phones myself. It's indeed a pain. I did have one older phone (a myTouch variant? I think) where I actually did have to do as you said and dd the goddamn firmware onto the phone over USB serial after hacking the bootloader. :) Some phones are easier than others...

            Thus my suggestion that the folks who would know what's up in Settings/Prefs are really just the folks like you who know how to do that kinda stuff... :) (I guess the folks who'll shell out the extra cash for an unlocked Google phone without the added carrier crap probably fall into that camp too.)

            •  Well I have had to physically disassemble a PSP (2+ / 0-)
              Recommended by:
              holeworm, Justus

              battery and clip one of the pins (it's called a Pandora battery, basically you set the serial number to 0xff by disabling the battery's EEPROM memory) in order to hack it.  I am not running vanilla android but I am running a custom rom with the pdroid (permission overrides, and even lets you give apps a random gps location each time they ask) patch and lots of bloat disabled.  Of course, I blocked updates by renaming as well.  However, even with a stock version of Android it is still possible to embed spyware into the baseband (radio) firmware.

              Also, checking the permissions means nothing as any system app that runs as root can ignore permissions.  See FakeGPS which can work even without mock locations enabled if you push it to /system/app (which you have to do yourself via adb).  The only way to tell if the carrier installed Amazon will do stuff like that is to decompile it which even I can't do (I am also not very good at soldering, thankfully pretty much everything is softmods nowadays).

              You have watched Faux News, now lose 2d10 SAN.

              by Throw The Bums Out on Tue Mar 12, 2013 at 08:52:54 PM PDT

              [ Parent ]

              •  Hmm, I hadn't seen pdroid/FakeGPS before, have to (2+ / 0-)
                Recommended by:
                Justus, Throw The Bums Out

                look into those... Looks like I need a new ROM for pdroid support, though.

                But FakeGPS is definitely useful; I'm playing with it right now! Too many crappy apps demanding permissions that they don't need... Now I can just easily let them know I'm in Antarctica, at least for location. (Though it looks like it doesn't play well with network/wifi-based location...guess a kernel-level hack is needed for that.)

                Tcpdumping is also quite useful, if you're looking at things like carrier-installed crap. (E.g., use wifi then tcpdump on your router.) I've found carrier-installed junk transmitting data to random locations when tcpdumping my phone's traffic...

                Annoying how much goddamn trouble we have to go to to ensure some minimal privacy, isn't it? (And how nobody really cares until the inevitable occasional security breach or malware pops up...)

                •  If you are using a AOSP/AOKP/Cyanogen (1+ / 0-)
                  Recommended by:

                  ROM there is an autopatcher that will make them pdroid compatible.  Oh, and while LBE Privacy Guard can do the same thing (though it runs as a service so there is a brief period of time where apps can sneak around it) it is not compatible with Android 3.x/4.x and the English version is no longer being updated.  Oh, and don't forget SetDNS for being able to use your own DNS servers instead of Verizon/ATT/Sprint's (and TitaniumBackup for creating encrypted backups of all your data and apps).

                  As for security, are you aware that Sony used the same exact number as the "random number" for generating their PS3 keys which made cracking them a matter of simple algebra?  That's right, the "unbreakable" PS3 laid low by a simple act of stupidity in key generation.

                  But yes, isn't it sad that you have to hack into your own computer to get any kind of reasonable security on phones/tablets nowadays?  Note that blackberry has permission revocation/customization built in.  For a while Cyanogenmod did as well but it was removed for "being hostile to advertisers".

                  You have watched Faux News, now lose 2d10 SAN.

                  by Throw The Bums Out on Tue Mar 12, 2013 at 09:37:05 PM PDT

                  [ Parent ]

                  •  I'm paranoid enough to SetDNS and log it all :) (1+ / 0-)
                    Recommended by:
                    Throw The Bums Out

                    Pointed at one of my servers [non-VPS, since I don't even trust the privilege separation on the various virtualization engines, having audited enough of that code in the past...]

                    Hmm, it looks like the Cyanogen version I have will work with a pdroid patch. Will have to play with that in the morning!

                    Even worse than it being sad that we have to hack our own devices for privacy, we now have to worry about the legalities of doing so of course. :(

                    •  Yes, especially software hypervisors that don't (1+ / 0-)
                      Recommended by:

                      take advantage of hardware virtualization (and thus rely on code scanning) are known for being able to break out of.  Ever wonder why OS/2 doesn't work on most of them unless they use hardware virtualization extensions?  Oh, and don't think that even using a full hardware emulator like Dosbox or Bochs will save you if someone really knows what they are doing either.  In fact, some people have broken out of the PSP emulator on the Vita to run native Vita code though nothing has been released publicly yet.

                      Of course, any carrier stuff that wanted to be nasty would use its own custom DNS querying code and would send everything encrypted to a generic address like an Amazon AWS server using a nonstandard protocol, most likely UDP based.  I guess you have never heard of TCP/IP over SMS either.

                      You have watched Faux News, now lose 2d10 SAN.

                      by Throw The Bums Out on Tue Mar 12, 2013 at 10:53:39 PM PDT

                      [ Parent ]

                      •  I did TCP over DNS at 30K ft recently for fun :) (1+ / 0-)
                        Recommended by:
                        Throw The Bums Out

                        (Not going into what that actually is, but I'm pretty sure you get the idea! But really, it was just to see if it would still work after all these years. And it did...slowly!)

                        And yeah, the carrier crap is amusingly unhidden. It's not worth their while to obfuscate it over other protocols.

                        I think both of us could think of some truly evil ways to hide that crap...e.g. over anonymous tunneled P2P. I hope the day doesn't come when carriers start doing stuff like that to force customers into using their shitty software...

                        •  Yes I have heard of TCP over DNS, which was (0+ / 0-)

                          sometimes used to get around those for pay hotspots (because they didn't filter or redirect DNS traffic) before they caught on.  But yes, carriers just like many other companies are pretty stupid (remember how easy it was to find the PS3 private keys?).  Of course, they aren't willing to spend thousands if not millions of man hours just for the fame and glory even if it isn't cost effective (see the recent project to decap and scan the chips in the 3DS with an electron microscope) which is what gives our side a huge advantage.

                          You have watched Faux News, now lose 2d10 SAN.

                          by Throw The Bums Out on Tue Mar 12, 2013 at 11:14:27 PM PDT

                          [ Parent ]
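An added example, not part of the thread above and not any commenter's code: a minimal review of a resolver query log, of the kind you get by pointing a phone's DNS at your own server and logging it, for the pattern that TCP over DNS leaves behind (many unique, long, high-entropy subdomains under one parent domain). The log format, the thresholds and every name are assumptions, and the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log (not captured traffic). Assumed format, one query per
# line: "<timestamp> <client-ip> <qtype> <qname>". All names use the reserved
# ".example" TLD; 192.168.1.23 stands in for the phone.
SAMPLE_LOG = """\
2013-03-12T21:40:01 192.168.1.23 A www.provider.example
2013-03-12T21:40:02 192.168.1.23 A mail.provider.example
2013-03-12T21:40:05 192.168.1.23 TXT q7w2e3r4t5y6uiopasdfghjklzxcvbnm.tunnel.example
2013-03-12T21:40:05 192.168.1.23 TXT mnbvcxz2lkjhgfdsa3poiuytrewq4567.tunnel.example
2013-03-12T21:40:06 192.168.1.23 TXT a2s3d4f5g6h7jklqwertyuiopzxcvbnm.tunnel.example
2013-03-12T21:40:06 192.168.1.23 TXT zaq2xsw3cde4vfr5bgt6nhy7mjuikolp.tunnel.example
2013-03-12T21:40:07 192.168.1.23 TXT plokimjunhybgtvfrcdexswzaq765432.tunnel.example
2013-03-12T21:41:10 192.168.1.40 A img1.cdn.example
2013-03-12T21:41:10 192.168.1.40 A img2.cdn.example
2013-03-12T21:41:11 192.168.1.40 A img3.cdn.example
2013-03-12T21:41:11 192.168.1.40 A img4.cdn.example
2013-03-12T21:41:12 192.168.1.40 A img5.cdn.example
2013-03-12T21:41:12 192.168.1.40 A img6.cdn.example
2013-03-12T21:42:00 192.168.1.40 TXT 0a1b2c3d4e5f60718293a4b5c6d7e8f9.hashlookup.example
"""


def shannon_entropy(text):
    """Bits per character; encoded payload data scores higher than hostnames."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def split_name(qname, keep=2):
    """Split a query name into (subdomain, parent domain).

    Treating the last two labels as the parent is a simplification; a real
    deployment would consult a public-suffix list.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-keep]), ".".join(labels[-keep:])


def summarize(log_text):
    """Collect the set of unique subdomains seen per (client, parent domain)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # blank or malformed line
        _timestamp, client, _qtype, qname = fields
        subdomain, parent = split_name(qname)
        if subdomain:
            groups[(client, parent)].add(subdomain)
    return groups


def find_tunnel_candidates(log_text, min_unique=5, min_avg_len=24,
                           min_entropy=3.5):
    """Return (client, parent) pairs whose queries look like carried data.

    All three conditions must hold, so a CDN with many short hostnames or a
    single long lookup is not reported. Thresholds are illustrative.
    """
    hits = []
    for (client, parent), subs in sorted(summarize(log_text).items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s.replace(".", ""))
                          for s in subs) / len(subs)
        if (len(subs) >= min_unique and avg_len >= min_avg_len
                and avg_entropy >= min_entropy):
            hits.append({
                "client": client,
                "parent": parent,
                "unique": len(subs),
                "avg_len": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
            })
    return hits


if __name__ == "__main__":
    for hit in find_tunnel_candidates(SAMPLE_LOG):
        print(hit)
```

This only sees queries that reach the logged resolver; software that carries its own channel, as described in the thread, will not show up here.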

                •  Oh, and pdroid doesn't affect internet access (1+ / 0-)
                  Recommended by:

                  permissions so you need droidwall (interface to iptables) as well.

                  You have watched Faux News, now lose 2d10 SAN.

                  by Throw The Bums Out on Tue Mar 12, 2013 at 09:44:18 PM PDT

                  [ Parent ]

              •  Spooky (0+ / 0-)

                Went to the link for the FakeGPS and in a little green box, it said:

                "This app is compatible with your [Wireless Carrier] [Phone Brand][Model]".

                And I'm not looking at it on that phone.

                Wait, WiFi is turned on, so maybe it got that through the router????

                •  No, it got it from the google market. There is (1+ / 0-)
                  Recommended by:

                  a file on your phone called build.prop that has that information in it.  As different phones have different CPUs and GPUs (graphics cards) some things, especially high end games, may not work with all phones.  Remember, Android is available for ARM (all the way down to arm v6, kind of like how you had the 386, 486, pentium, pentium 2, pentium 3, pentium 4, i3, i5, and i7), MIPS, and even x86 like your desktop so anything written using native code rather than just Dalvik (i.e. Java, sort of).  Have you had any luck running any PS3 games on your PC recently?

                  You have watched Faux News, now lose 2d10 SAN.

                  by Throw The Bums Out on Tue Mar 12, 2013 at 09:40:33 PM PDT

                  [ Parent ]

                  •  Truly Lucky re: PlayStation (0+ / 0-)

                    I've seen ads for it (them?), but never used one.  And I have no idea what an ARM is in this context.  

                    And I am not likely to study up on it, either, unless I have to.

                    •  ARM is a type of CPU designed for mobile/low (1+ / 0-)
                      Recommended by:

                      power devices which is incompatible with the regular x86 ones in your desktop computer.  As ARM, MIPS, and x86 CPUs are incompatible with each other the software either has to be written using Dalvik (which is write once, run anywhere like Java or Flash) or it has to be rewritten (or at least recompiled) for each one.  Even then sometimes an earlier version of the same one won't be compatible.  Just try running Flash on a Pentium CPU, even a 1GHz Pentium (Xcore86 system on a chip, to be exact) and it won't work because it needs newer instructions not available on Pentium/i586.

                      The Playstation Portable was Sony's attempt to compete with the Nintendo DS (the Vita is also known as the PSP2/Playstation Portable 2), however because it has a pretty powerful CPU it can be modified using custom (hacked) firmware to run emulators.  Also, it is compatible with the PS1 without having to do full CPU emulation (think Virtualbox/Parallels, not Dosbox).  It turned out that early models had a special recovery mode (which is what Sony uses to rescue a "bricked" system) that could be activated with a specially modified battery which could then be used to fully hack the system.  Of course, later on (after the PS3 was hacked) it was discovered how to "sign" your own software (including custom firmware installers) so it can run without any other hacks because the system thinks it is an official game or demo.

                      You have watched Faux News, now lose 2d10 SAN.

                      by Throw The Bums Out on Tue Mar 12, 2013 at 10:47:48 PM PDT

                      [ Parent ]

      •  What about phones where Amazon Marketplace (0+ / 0-)

        is installed by default and can't be removed without actually hacking (rooting) the phone using a security exploit?  With a few like the Google ones you can just use "adb oem unlock" and then flash but with most of them you have to use all sorts of dirty tricks including kexec and multiple security exploits.  How many people even know what kexec is?  Do you?  Can you compile a kernel yourself?

        You have watched Faux News, now lose 2d10 SAN.

        by Throw The Bums Out on Tue Mar 12, 2013 at 08:31:40 PM PDT

        [ Parent ]

  •  Kaspersky and Symantec do suck. (1+ / 0-)

    You're much better off with a complete freeware from a trusted source. Such as Spybot or Ad-Aware.

    Not that it makes spying any better. It's just not that much of an achievement to hide from Kaspersky, Symantec, McAfee or Norton. They're to security what McDonald's is to nutrition.

    "Think. It ain't illegal yet." - George Clinton |

    by jbeach on Tue Mar 12, 2013 at 05:13:40 PM PDT

  •  Tracking Shoppers by WiFi (3+ / 0-)
    Recommended by:
    NoMoreLies, Justus, nightsweat

    This form of tracking operates by placing passive sniffers within the shopping center and looking for SSID query packets.

    To associate with a WiFi Wireless Access Point (WAP), a WiFi client needs to know the ID of the WAP.  To discover that, the client broadcasts a query to all WAPs in the vicinity and waits to hear the responses.  (WAPs with hidden SSIDs will not respond.)  Although they may not promiscuously connect to any old open WAP, most smartphones will by default try to keep the list of nearby WAPs up to date, and that means broadcasting repeated queries.

    The sniffers in the shopping centers listen for these query packets, triangulate the location of the phone, and watch the phone move throughout the facility.  The stated purpose for this is foot traffic analysis -- how do people move throughout the shopping center during the day?  Where are the bottlenecks?  Where is there little or no traffic?

    Mind you, all the tracker sees is the phone's MAC address, which uniquely identifies the WiFi interface in the phone.  Associating that number with an actual person isn't hard, but you'd have to jump through several more hoops of varying intrusiveness to build that link.

    To thwart this, turn WiFi on your phone completely off when you're not using it (there are a few Android widgets that make this easy).

    One other moustache-twirling idea I had would be to write an Android app that regularly sends out a bunch of SSID query packets with bogus MAC addresses.  To the sniffers, it would look like a huge crowd of people moving through the mall.  It would drive the legitimate WAPs nuts, though...
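The "SSID query packets" described in the comment above are 802.11 probe requests. As an added example (not part of the original comment), the Python below parses constructed probe-request frames and reports what a passive listener receives from each one: the sender's MAC address and any network name the phone asks for by name. The frame bytes, MAC addresses and SSID are constructed sample data, the frames are assumed to carry no radiotap header or trailing FCS, and the locally-administered-address check goes slightly beyond what the comment covers.

```python
MGMT_HEADER_LEN = 24          # frame control, duration, 3 addresses, sequence control
SUBTYPE_PROBE_REQUEST = 4     # management frame subtype for a probe request
ELEMENT_ID_SSID = 0           # tagged parameter carrying the requested network name


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_probe_request(frame):
    """Return the fields exposed by one probe request, or None if the
    bytes are too short or are some other kind of 802.11 frame."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    if version != 0 or ftype != 0 or subtype != SUBTYPE_PROBE_REQUEST:
        return None
    source = frame[10:16]     # address 2: the transmitting interface
    ssid = None
    pos = MGMT_HEADER_LEN     # probe requests have no fixed fields before the tags
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break             # truncated element: stop rather than misparse
        if eid == ELEMENT_ID_SSID and ssid is None:
            ssid = body.decode("utf-8", errors="replace")
        pos += 2 + elen
    return {
        "source_mac": format_mac(source),
        # Bit 0x02 of the first octet marks an address that was assigned
        # locally instead of being the interface's factory address.
        "locally_administered": bool(source[0] & 0x02),
        "ssid": ssid,
        "wildcard": ssid == "",   # empty SSID = "any network, please answer"
    }


def summarize(frames):
    """Group probe requests by source MAC: what one listener learns per device."""
    seen = {}
    for frame in frames:
        info = parse_probe_request(frame)
        if info is None:
            continue
        entry = seen.setdefault(info["source_mac"], {
            "probes": 0, "named_ssids": [],
            "locally_administered": info["locally_administered"]})
        entry["probes"] += 1
        if info["ssid"] and info["ssid"] not in entry["named_ssids"]:
            entry["named_ssids"].append(info["ssid"])
    return seen


def build_frame(fc0, src, ssid):
    """Construct a minimal management frame for the sample data below."""
    header = (bytes([fc0, 0x00]) + b"\x00\x00" + b"\xff" * 6 + src
              + b"\xff" * 6 + b"\x00\x00")
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported-rates element
    return header + bytes([ELEMENT_ID_SSID, len(ssid)]) + ssid + rates


# Constructed sample capture (not real traffic).
FACTORY_MAC = bytes.fromhex("001122334455")
LOCAL_MAC = bytes.fromhex("daa119000001")
SAMPLE_FRAMES = [
    build_frame(0x40, FACTORY_MAC, b""),                      # wildcard probe
    build_frame(0x40, FACTORY_MAC, b"HomeNet-constructed"),   # asks for a saved network
    build_frame(0x40, LOCAL_MAC, b""),                        # locally administered MAC
    build_frame(0x80, FACTORY_MAC, b"SomeAP"),                # beacon: ignored
]

if __name__ == "__main__":
    for mac, entry in summarize(SAMPLE_FRAMES).items():
        print(mac, entry)
```

Run against a capture of your own phone's traffic, the summary shows whether the device is also broadcasting the names of networks it has joined before, which is information beyond the MAC address itself.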

    •  Most phones can't do that as spoofing packets (1+ / 0-)

      with other IP addresses requires putting the wifi card in a special mode.  And actually, associating the MAC address with an individual isn't that hard with multiple access points, just triangulate the signal and associate it with information gained from the credit/debit cards used in the checkout lane.  It might take more than one trip depending on how accurate the triangulation is but then you have it.  Or just pay the cell phone companies to give you access to their MAC/IMEI to customer information list.

      Do you seriously think they wouldn't do everything they could to associate those MAC addresses with a real name and address/phone number?  After all, how else would they be able to send you text messages several times a day based on your shopping preferences (which can get annoying even if you have unlimited SMS)?

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Tue Mar 12, 2013 at 08:37:34 PM PDT

      [ Parent ]

  •  Ten-finger typing, here... (3+ / 0-)
    Recommended by:
    holeworm, out of left field, Justus

    I spent a good part of my real career on the phone, so I am perhaps much less enamored of phones than the entire rest of the world, including the Amish.  But my (cheap, throwaway) cell phone is only really in use when I need to job-hunt.  The rest of the time, it stays home, turned off, unless for some reason I need to make a call or am expecting one -- basically, never.  (I do use it to order Chinese food.)

    But, yes, there are programs out there to follow every keystroke (one hopes one's antivirus and antispyware will detect and deal with the threat, but --) and I think cell phone GPS can be traced even when the phone is turned off (is that true? I don't know).

    So the only way to be completely secure is NEVER do ANYTHING online or wireless you don't want someone to know about.

    And that isn't feasible either.

    Thanks for a terrific diary.

    Irony takes a worse beating from Republicans than Wile E. Coyote does from Acme. --Tara the Antisocial Social Worker

    by Youffraita on Tue Mar 12, 2013 at 06:26:40 PM PDT

    •  so right ... that "to be completely secure" ... (1+ / 0-)

      is infeasible.

    •  GPS tracking is overblown... (2+ / 0-)
      Recommended by:
      Youffraita, Justus

      If your phone is truly off, then no, you can't be tracked. You need power to do that. (Yeah, some phones have non-removable batteries, but you can always avoid those.)

      Sometimes GPS is conflated with "providing location", even though GPS just determines your location. Even with GPS off, a smartphone will still get its location via other means (the cell network, or triangulation via databases of wifi networks that have been mapped out.) So being tracked isn't a function of GPS at all, rather just having some sort of access to a smartphone.

      Oh, and if someone REALLY wants to capture your keystrokes, there are plenty of hardware dongles that can be stuck onto the keyboard connection and wouldn't be detected by any anti-malware tools... (Of course, that requires physical access, but still.)

      •  I don't really worry about keystrokes (2+ / 0-)
        Recommended by:
        holeworm, Justus

        and I REALLY don't worry about being tracked, b/c my phone generally stays at home, turned off.  And it ain't very smart -- in fact, I own a dumbphone.  Its IQ is single-digit.

        But the technology is out there, and as the diarist notes, we don't know what our (or any other) government is doing with its spyware.

        Irony takes a worse beating from Republicans than Wile E. Coyote does from Acme. --Tara the Antisocial Social Worker

        by Youffraita on Tue Mar 12, 2013 at 07:20:33 PM PDT

        [ Parent ]

        •  I don't worry about those, either... (1+ / 0-)

          I worry more about the slippery slope we're on as far as creating not only more tracking technology, but creating technology that lets OTHER people cause you to be inadvertently tracked.

          I worry less about government spyware than I do identity thieves, really...

      •  Or they will just attach a keystroke logger (1+ / 0-)

        to your power meter or use a sensitive antenna to pick up the very weak wireless "broadcasts" that your monitor and even your CPU/RAM put out.

        You have watched Faux News, now lose 2d10 SAN.

        by Throw The Bums Out on Tue Mar 12, 2013 at 08:42:20 PM PDT

        [ Parent ]

        •  Eh, I'd worry about other stuff before TEMPEST :) (1+ / 0-)
          Recommended by:
          Throw The Bums Out

          Not that it's not a potential attack vector (which it is), but if you're at the point where someone's using that sort of monitoring on you...well, you're probably in some sort of espionage situation with tons of other monitoring stuck on top. :)

          Gotta worry about random vans, laser microphones bouncing off windows, and probably need to audit every piece of hardware you obtain down to the chip level and write all your own software, at that point...

          •  However the power meter keylogger will (1+ / 0-)

            probably be coming to a "spy electronics" shop near you pretty soon.  In fact the whole point is that while powerline monitoring has been known since 1972 it was considered to be NSA level spy stuff.  The way things are going it won't be long before your average (or even below average) private eye has access to full TEMPEST monitoring/spying equipment by hiring some hobbyist in his garage to build it according to publicly available schematics for a few thousand dollars.

            You have watched Faux News, now lose 2d10 SAN.

            by Throw The Bums Out on Tue Mar 12, 2013 at 08:58:07 PM PDT

            [ Parent ]

          •  Oh, and there are plenty of instructions for (0+ / 0-)

            building your own laser microphones as well for cheap.

            You have watched Faux News, now lose 2d10 SAN.

            by Throw The Bums Out on Tue Mar 12, 2013 at 08:58:55 PM PDT

            [ Parent ]

    •  The problem is that everything is wireless, even (1+ / 0-)

      if you are using a laptop on battery power with the wifi card ripped out.  In fact, there is a keystroke logger that can be attached to your power meter (and it only costs $500 to build if you know how to use a soldering iron)!  Note that they say it doesn't work on USB keyboards but it is only a matter of time before it does.

      Why do you think the TEMPEST standards exist?  They exist because every electronic device is a wireless transmitter.

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Tue Mar 12, 2013 at 08:40:55 PM PDT

      [ Parent ]

  •  Frankly, people are too dumb to understand privacy (4+ / 0-)

    implications of most of this stuff.

    Normally, it's not a problem if other people are being dumb. The problem arises when other people can tag you in Facebook photos (yeah, you can turn it off, but still), or can capture video data into apps with Google Glass, or whatever...

    I actually think Google Glass is pretty cool. But the privacy implications of people walking around with commercialized video cameras running ad revenue-supported software are indeed mind-boggling.

    Malware of the past affected the user mainly; malware of the future gets to affect the user AND anyone the user interacts with. Don't even need malware, just poorly written apps that leak data...

  •  Here’s another point of view (0+ / 0-)

    In the old days, there was lots and lots of gossip. From people at church, from neighbors and friends. Banks closed at 3 PM. Really. And no ATMs to get cash. And if you wrote a bad check at the grocery store, there would be a list (for everyone – your friends and neighbors – to see) on the cash registers saying “NO CHECKS from Andrew Smith.” Or whatever your name was.

    Nowadays, you can get money from an ATM any time of day (which I think is a good thing and I think it’s good that I don’t have to rush to the bank before 3 PM to get cash). And if a child with a cell phone goes missing, we don’t have to call his or her friends and then at midnight call the police and get a search party to trudge around the neighborhood to search for the body of the dead (or drunk) kid. You just find the cell phone.

    Yes, there are cameras at 7-11s and gas stations and ATMs and stop lights. But I don’t care if a 7-11 captures my face on videotape while I’m buying a Snickers bar.

    And if I use a card to get a discount at a grocery store, yes, they store information about me, but so what? They know that I like peanut butter or chicken noodle soup or whatever. How does it harm me that they know what I buy?

    A website called is stalking me on the internet because of cookies on my browser. One morning I was lying in bed with my girlfriend and I told her about the ancient Greek trilogy of plays, “Oedipus Rex,” “Oedipus at Colonus” and “Antigone” – but I couldn’t remember the story of Antigone, so I googled it and got the story. And I clicked on a picture of Antigone by some minor artist from the 19th century. Now Art.Com wants me to buy a copy of that picture. Over and over again. Even on Daily Kos. They must be spending a lot of money on tracking people’s cookies. I think it’s funny that is so relentless. But it doesn’t bother me.

    The government might be tracking me. Or Google. Or Facebook. Or whoever. What is the harm?

    "Stupid just can't keep its mouth shut." -- SweetAuntFanny's grandmother.

    by Dbug on Tue Mar 12, 2013 at 09:30:21 PM PDT

    •  We'll find out soon enuf what the harm is ... (3+ / 0-)
      Recommended by:
      holeworm, Dbug, RiveroftheWest

      ... If the future is all sweetness and light, there'll be nothing more annoying to it than ads popping up for 19th century paintings of figures from Greek mythology. Hooray!

      If the future is more like present-day Bahrain or Syria, I think a lot of people (including a fair few Kossers) will be feeling darker and more bitter about how much is known about us and how easy we are to find.

      I'm not actually suggesting there's a path back to that world where banks close at 3pm and Andrew Smith is embarrassed into clearing up his unpaid checks. Unless technocivilization collapses altogether. And that will be plenty dark and bitter itself, so I don't mean at all that it's something to be wished for.

    •  You have outsourced your privacy to others. (3+ / 0-)
      Recommended by:
      Steve Masover, Dbug, RiveroftheWest

      And in most cases, it won't be anything more than a bunch of annoying ads to buy whatever's being targeted at you.

      But you no longer control your privacy; others now do that for you (and theoretically with good intentions, but that doesn't necessarily translate into good practices.)

      The harm comes when it causes direct impact to your finances, reputation, or other well-being.

      Wanna be one of the guinea pigs when (or whatever site) has a data breach and it's public that "Dbug likes Antigone art [along with all this other strange crap]!"

      If so, why not just fill out a detailed personality and interest profile and post it online, directly connected to any identities you use? (Along with your browsing history and any other "private" data.) We don't even need data breaches here; that kind of stuff is happening even without, on an increasing basis, as people share just a little bit more at a time. But people seem to think it's okay to just share a little...even though it's practically the same as sharing everything, just more slowly.

    •  Oh really? Well then enjoy getting fired and (2+ / 0-)
      Recommended by:
      Deep Harm, Dbug

      (eventually) all of your accounts frozen because some computer software says you are a security risk and possible terrorist based on the kind of art and music you like.  Do you seriously think there won't be things like that or even possibly internment camps in the future (a decade or two) for "high risk individuals"?

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Wed Mar 13, 2013 at 11:06:07 AM PDT

      [ Parent ]

  •  Wow (1+ / 0-)

    I'm really concerned about this. Not for myself. I'm an old fart and there isn't much Big Brother can do to me. What worries me is future generations. Is it going to be a Star Trek world or are we all going to be assimilated by the Borg? I think that old curse fits here. "May you live in interesting times". Good luck.

    What a fascinating modern age we live in-Capt. Jack Aubrey

  •  We are becoming "The Borg".... (1+ / 0-)

    Once we start wearing Google glass, it's game over. We are Borg. You will be assimilated, resistance is futile.

    Whoever controls the media, the images, controls the culture

    by nezzclay on Wed Mar 13, 2013 at 05:14:53 AM PDT

  •  The really weird part is we get so little back. (1+ / 0-)
    Recommended by:
    Steve Masover

    The really weird part is that privacy is being given up with so little being gained in return.

    I bought my wife an iPhone because she wanted one. I don't see the need. I have a phone that works - as a phone. (And keeps its charge for days. Days!)

    I mostly hate everything the iPhone allows her to do (with the exception of Shazam, which I love even though it has replaced me as the guy who knows songs.)  

    I hate that my kids are constantly asking to "play on mommy's phone." We're sitting on a beach and the kids build a sand castle. Wife takes a picture and loads it instantly onto Facebook. Kind of neat, but totally unnecessary.

    And, for this, we've given up our privacy?

    "Jersey_Boy" was taken.

    by New Jersey Boy on Wed Mar 13, 2013 at 05:21:49 AM PDT

  •  Present posters excepted, of course. . . (0+ / 0-)

    Basically the generations who would care about their privacy don't understand the technology, and the generations who understand the technology, don't care about privacy.

    "Jersey_Boy" was taken.

    by New Jersey Boy on Wed Mar 13, 2013 at 05:52:48 AM PDT

  •  I love diaries like this (0+ / 0-)

    I learn so much.  

    I thought some of the stores I go into were just being nice by offering wifi.  Hmmm I guess they want something back.

    Everything is easy if you don't know what you're talking about.

    by chocoholic on Wed Mar 13, 2013 at 07:39:59 AM PDT

  •  The answer is education (0+ / 0-)

    For example, I've been administering email since the late 1970s when we used UUCP to route messages between machines.

    There is no expectation of privacy with email.
    In fact, the way this is usually expressed is that the same privacy rules apply to emails that apply to postcards. Basically, lots of people might happen to read your emails.

    If everyone understood this, would we finally stop seeing articles decrying that so-and-so had their email read by a boss, a co-worker, or a government agent? Perhaps.

    If you want privacy in email, it's easy and free to encrypt your messages. If you also need to protect your identity and that of your correspondents, there are plenty of anonymous email addresses available out there, and proxies you can use to access their servers. And in the most extreme case, there is also tormail. Once you are educated, your email doesn't own you.

    As for the webcam snooping, yes it was a scandal, a tremendous one, and people got into major trouble for it. It's against the law what they did. This isn't a pernicious piece of technology that owns you, it is an abuse of power by thoughtless, ignorant people. But once you know that it's possible to do it, you can (1) see if the light on your cam ever lights up on its own, and raise holy hell if it does, and/or (2) if you're really paranoid, put a piece of opaque tape (or tin foil) over the lens of your cam. But this kind of abuse has nothing to do with technology, it's the same as window-peeping or listening in on telephone calls.

    The other stuff: using GPS to restrict permissions, or OCR/pattern recognition to target advertising, what's wrong with it, as long as everyone understands that it will happen? It happens on the web: it even happens on Daily Kos. Advertising is pernicious stuff, but we as a society have made the judgment that we will trade our time viewing advertising in order to avoid having to pay the full price for things we consume, such as radio, TV, and Internet. That this also be true on our smart phones should surprise no one. And let's face it: the more well-targeted advertising is, the less of it is needed and the less obnoxious it becomes. If I'm thinking about wines a lot, comparing this one to that one, taking notes, going to tastings, well, ads about products related to wines are going to be much less annoying to me than ads about, say, scented douche products or hot young Ukrainian blondes who want to be my pen pal. This is Google's bread and butter. Once you are educated about it, it no longer owns you.

    •  Actually it does. Are you willing to have all (0+ / 0-)

      that tracking information be publicly available to everyone because that could very well happen.  Also don't forget how easily it could be used against you by employers, insurance companies, and even a future government.  Would you trust President Cheney or Negroponte with all that data on you not to use it to determine you are a "bad person" and order all your accounts frozen or even order you detained indefinitely?

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Wed Mar 13, 2013 at 11:08:56 AM PDT

      [ Parent ]

      •  If you know about it then you have a choice (0+ / 0-)

        In other words, it's all part of the package. If you decide to buy the package, then you get both the good and the not so good parts.

        Where people get into trouble is when they don't know about it in advance.

        As for your question, I don't really mind people knowing what I take pictures of or where I go. If I did, I'd certainly take it into account when I bought a phone or whatever.

  •  The Maker Movement (0+ / 0-)

    There are plenty of reasons the Maker Movement is gaining steam.  Being able to control what your hardware does for and to you is just one of them.

    "Don't be defeatist, dear. It's very middle class." - Violet Crawley

    by nightsweat on Wed Mar 13, 2013 at 09:04:56 AM PDT

    •  Not to mention the Defective By Design (1+ / 0-)

      Campaign.  Ever wonder why the Free Software Foundation exists?  Well that kind of stuff is one of the main reasons it is still going strong.  The Maker Movement is just the hardware version of the Free Software movement which has been going on for decades.

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Wed Mar 13, 2013 at 11:12:09 AM PDT

      [ Parent ]

  •  Allow me to offer a truly HERETICAL ... (0+ / 0-)

    ... option: leave your devices in the car or at home. BTW, I'm no luddite, what with owning both a Nexus 4 phone AND a Nexus 7 tablet.

    Penn State - Rug too small, dirtpile too big, not enough brooms.

    by WereBear Walker on Wed Mar 13, 2013 at 09:50:11 AM PDT

  •  Rule #1 with cameras and mics; put tape over them. (0+ / 0-)

    If you have a usb-cabled movable webcam, move it back behind your PC unless you are using it.  And that's not just to prevent spying, it's to prevent embarrassments.  Not long ago I was on a web-based screen-share meeting with a remotely located coworker.  We were just supposed to be sharing screens. He didn't realize that his camera was on until I joked that anyone drinking a Starbucks coffee THAT large is overpaid.

    Most people I work with have a small piece of unobtrusive electrical tape over their laptop camera when not in use.

    Gentlemen, you can't fight in here! This is the War Room!

    by bigtimecynic on Wed Mar 13, 2013 at 10:59:00 AM PDT

  •  I'm watching "Fight Club" right now. n/t (0+ / 0-)

    Waiting for reccs.

    "Jersey_Boy" was taken.

    by New Jersey Boy on Wed Mar 13, 2013 at 03:47:13 PM PDT

  •  electronic trespassing (2+ / 0-)

    I always considered that if someone puts something on my personal electronic property a.k.a. computer without my knowledge or authorization that they have trespassed albeit electronically. Of course there is that 15 page users agreement that you must say "yes" to without ever reading, that provides all the sordid details on how they can basically camp out on your computer.

    So where did I put those envelopes and sealing wax..

    Loved this: "Tinfoil milliners"
