Category Archives: Privacy

Privacy: Spooks figure out ways to trick you into not using encryption

Picsix’s tool creates a fake cell tower that can fool a target’s phone into transmitting data to it. The device cannot read encrypted data, but instead tries a different tactic to get private information: making encrypted apps glitchy or even totally unusable. It’s a subtle but strong way to push a frustrated target away from a private app and toward a non-encrypted service that can easily be intercepted and eavesdropped on. The encryption itself is never broken—it is simply rendered useless.

Source: Cops see an encryption problem. Spyware makers see an opportunity. – MIT Technology Review

A call for a code of tech ethics?

Facebook and the like need to craft a professional code of ethics for the technology industry.

Source: A Facebook request: Write a code of tech ethics – Los Angeles Times

Where this is headed, naturally, is the concept of licensed professional engineers (P.E.) in software engineering. Development of a professional engineering licensing exam for software engineering was done many years ago. I believe Texas was the only state to offer the exam; however, due to low participation, they are discontinuing the software engineering PE exam as of April 2019.

How your phone’s location history is used against you

The FBI recently demanded from Google the data about all people using location services within a 100-acre area in Portland, Maine, as part of an investigation into a series of robberies. The request included the names, addresses, phone numbers, “session” times and duration, log-in IP addresses, email addresses, log files and payment information.

Source: Can the police search your phone? | Computerworld

Police may have used location history to see who has crossed paths with a person they were tracking. For example, suppose police are tracking an illicit drug distribution ring. Dealers meet with customers to deliver drugs.

In order to identify potential customers, police can see whose location data puts them in close proximity to the distributor they are tracking. Merely by being around a distributor, you then become a potential target of police operations.

Google admits turning off ‘location history’ does nothing

Google admits they spy on you always: Google has changed a help page that erroneously described how its “Location History” setting works,…

Even when Location History is set to off, Google’s Android continues to track your location. Google uses your highly detailed location information to discern your interests, where you shop, what type of health problems you may have (by virtue of which doctors or therapists you visit) and more.

Source: Google admits turning off ‘location history’ does nothing | SocialPanic.org

The reason Google tracks your location, everywhere you go

We now know that even with Location Services disabled, Google still tracks and records your every move. The data is collected, ostensibly, for targeted advertising. An advertiser could request thei…

Source: The reason Google tracks your location, everywhere you go | SocialPanic.org

It’s all about knowing where you shop, and where you go. An enormous amount of data may be discerned from your location data – even your health records. Seriously.

Social Panic is one of my other blogs. Please check it out.

Data mining enables many companies to discern your health conditions

Data brokers compile health and frailty profiles that have wide-ranging applications for drug companies, advertisers, insurers and other buyers.

Source: How bits of captured data paint a stealth portrait of your health

They do not need access to your protected[1] health care records. Instead, companies are data mining your credit card purchases, your public social media, your online purchase habits and a host of other data points to guess at your health situation and assign you a “health score”.

This secret health score could be used by insurance companies to change your life insurance premiums, or by a prospective employer to deny you a job because your health score is not good enough for them.

You have no idea what data they have collected and analyzed, nor what score they have assigned to you. The data itself is often incorrect (as I recently found) and their assumptions about you are often wrong too. But there is no way to correct their secret health score.

Continued: Venmo lies about their priority of privacy

Venmo declined to say why it makes full public disclosure the default setting, but a company spokesperson told CNNMoney that “the safety and privacy of Venmo users and their information is one of our highest priorities.”

Source: A researcher studied a year of public Venmo transactions. Here’s what she learned

That’s a lie, as I showed 5 weeks ago:

Someone entered my email address for their account at Venmo. Months ago. Apparently Venmo NEVER VERIFIED the email address. Consequently, I receive their emailed financial transaction correspondence – for several months. Guess their customer never noticed they were not receiving emails? (Or is Google broken and one email address is being delivered to different people? Anything is possible!)

I successfully changed the password on a Venmo account that was not mine.

Never, ever use Venmo for transactions if you care even the slightest about keeping your transactions private.

#Google’s #Android was developed first and foremost as a spying tool, may be sanctioned by the European Union

For Google, the consequences could prove vast. Packaging tools like search, and including them on Android devices, offers the company a way to capture data about users — and show them more ads. Eliminating that pathway for profits and insight could prompt Google to rethink the entire ecosystem for Android, which it licenses to device makers free in a bid to ensure its wide-scale adoption while warding off such competitors as Apple.

Source: Google could face record European Union antitrust fine for Android – The Washington Post

A long time ago I recognized that Android is an invasive surveillance system. You see this in that to use GPS for any app, you are required to disclose your location directly to Google too. Google uses machines to monitor your location, to read your email, take notes and analyze your correspondence, including purchases and financial transactions that result in emailed receipts to you. Google’s Chrome is free because its main purpose is to track your every web page visit across the web as part of the Google surveillance network.

Google’s system, however, is also prone to erroneous conclusions and assumptions about us. I frequently receive email intended for someone else but Google does not know that and the content of that email is integrated into their (false) dossier on me. Today, one of California’s largest health systems emailed to my GMail account a 101 page detailed medical history of a patient, clearly violating HIPAA. First, in 2018, how is this even possible to email a medical record with no security? Second, Google’s artificial intelligence without question read this record and deduced aspects of my health – even though this record has nothing to do with my own health. Google’s AI won’t know that however because the patient has the same name as me.

Bottom line: Google’s “free” Android, Chrome, Gmail and other services are designed specifically as surveillance tools to gather as much information as possible about each and every one of us for the purpose of marketing something to us. When we think of marketing, we usually think of products or perhaps services. But oftentimes, the goal is to market ideas – and effectively this becomes a mechanism for highly focused propaganda messaging encouraging us to adopt someone else’s agenda.

How your phone is used to track you as you move through a store

Ultrasound “beacons” are set up in various locations such as within stores. Apps that run on smart phones are constantly listening for ultrasound beacons (which are emitted above the audible range so we cannot hear them). Each beacon can encode a unique ID to be used to determine proximity to a specific location.

In some cases, ultrasound or other types of audible signals can be embedded in television or audio programming and apps can detect what you are listening to.

Two studies have examined the deployment and implications of ultrasonic beacons. Arp et al. measured the prevalence of ultrasonic beacons in the wild, and found them deployed on websites and in stores. Furthermore, they found 234 apps in the Google Play Store that were constantly, passively monitoring for these beacons, in order to track users’ online and offline browsing behaviors [28]. Mavroudis et al. consider various attacks against users that leverage ultrasonic beacons, including de-anonymizing Tor users [59].

Source (academic paper): Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications

Numerous apps are using access to the array of environmental sensors (including cameras, microphones and more) to assess the environment in which the phone is being carried.
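An added example, not from the original post or the cited paper: a check that a short audio capture contains a sustained tone just above the audible range, which is one way to confirm that a beacon is present in a store or a broadcast. The 18 to 20 kHz band, the amplitude floor, the persistence rule and the sample audio are all assumptions constructed for illustration.

```python
import math

RATE = 44100                       # Hz; common microphone capture rate
BLOCK = 4410                       # 0.1 s blocks -> 10 Hz frequency resolution
BAND = range(18000, 20001, 250)    # ASSUMED beacon band (near-ultrasonic)
MIN_AMPLITUDE = 0.01               # ASSUMED floor, relative to full scale 1.0
MIN_BLOCKS = 3                     # ASSUMED: tone must persist 3 blocks in a row

def goertzel_amplitude(block, freq):
    """Amplitude of a single frequency in one block (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * math.sqrt(max(power, 0.0)) / len(block)

def find_sustained_tones(samples):
    """Return {freq: peak amplitude} for band tones seen in MIN_BLOCKS
    consecutive blocks; short clicks and transients are ignored."""
    runs, found = {}, {}
    for start in range(0, len(samples) - BLOCK + 1, BLOCK):
        block = samples[start:start + BLOCK]
        for freq in BAND:
            amp = goertzel_amplitude(block, freq)
            if amp >= MIN_AMPLITUDE:
                runs[freq] = runs.get(freq, 0) + 1
                if runs[freq] >= MIN_BLOCKS:
                    found[freq] = max(found.get(freq, 0.0), amp)
            else:
                runs[freq] = 0
    return found

def tone(freq, amplitude, seconds):
    """Constructed test signal: a pure sine wave."""
    n = int(RATE * seconds)
    return [amplitude * math.sin(2.0 * math.pi * freq * i / RATE)
            for i in range(n)]

# Constructed samples: an audible 440 Hz tone alone, then the same audio
# with a quiet 18.5 kHz tone mixed in (inaudible to most adults).
clean = tone(440, 0.5, 0.5)
tagged = [a + b for a, b in zip(clean, tone(18500, 0.05, 0.5))]

if __name__ == "__main__":
    print("clean :", find_sustained_tones(clean))
    print("tagged:", find_sustained_tones(tagged))
```

A real capture needs a microphone and sample rate that actually pass frequencies this high; many recordings are low-pass filtered well below 18 kHz.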

Fascinating details: “The NSA’s Hidden Spy Hubs In Eight U.S. Cities”

These fortress-like AT&T buildings are central to a secret NSA program that has monitored billions of communications, documents and sources reveal.

Source: The NSA’s Hidden Spy Hubs In Eight U.S. Cities

Stephen Budiansky, in his book, Code Warriors, explains how the precursor to the NSA tape-recorded communications prior to and during WW II. As they worked to decrypt and interpret contemporary messages, access to older communications proved invaluable to understanding current events and why enemies were making the decisions they were making.

In a similar way, the NSA records and stores large quantities of communications in the event that a future situation will benefit from analysis of past communications. For this reason, the NSA built enormous data centers, such as the NSA Data Center near Provo, Utah, specifically to store enormous quantities of digital data including phone calls, radio signals, text messages, emails, and general Internet data traffic. Much of this data collection may never be accessed – except in time of national emergencies or war.