Category Archives: Spying

Why I have repeatedly stated there is no such thing as “anonymized location data”

In the data drawn from apps, each cellphone is typically represented by an alphanumeric identifier that isn’t linked to the name of the cellphone’s owner. But the movement patterns of a phone over time can allow analysts to deduce its ownership—for example, where the phone is located during the evenings and overnight is likely where the phone-owner lives.

Source: U.S. Government Contractor Embedded Software in Apps to Track Phones – WSJ

Let’s just mandate it: “NSA Warns Cellphone Location Data Could Pose National-Security Threat”

The National Security Agency issued new guidance on Tuesday for military and intelligence-community personnel, warning about the risks of cellphone location tracking through apps, wireless networks and Bluetooth technology.

The detailed warning from one of the nation’s top intelligence agencies is an acknowledgment that Silicon Valley’s practice of collecting and selling cellphone location information for advertising and marketing purposes poses a serious national-security risk to many inside the government….

Source: NSA Warns Cellphone Location Data Could Pose National-Security Threat – WSJ

In December 2019, the FAA released a Notice of Proposed Rulemaking requiring mandatory radio-based Remote Identification and tracking of all hobby radio controlled aircraft weighing more than 250 grams (about 1/2 pound). The Final Rule is expected in December of 2021. The NPRM itself eventually ends the radio control model aircraft hobby that currently exists and makes it legal to fly only certified, manufactured drones that are tracked in real time. The primary purpose is to clear the air space above your home and turn it over to AmazonGoogleUPS. The FAA asserts all rights to the airspace in your back yard, for example.

Every remote controlled aircraft would be required by Federal regulation to connect to the Internet and log its activities in an Internet cloud database, in real time. Those providing the cloud databases may offer them for free in exchange for who knows what – but the FAA itself proposed they might collect photo images and telemetry – such as WiFi and Bluetooth communications collected by the craft.

In effect, the FAA mandates a nationwide low-altitude surveillance network of potentially millions of drones collecting data in real time and logging it in databases – that may as well be located in China.

Meanwhile, the US DoD and the US Department of the Interior banned the use of Chinese made drones over fears of their use for espionage.

While the left hand bans drones from collecting data, the right hand mandates that all drones must collect potentially invasive data on behalf of foreign organizations.

We know that U.S. firms and others are collecting massive amounts of private data through the use of apps on our smartphones. Google itself collects your location data, even when you turn location services off.

The primary business function of the Internet is surveillance to be used for many purposes.

When was the last time the media hyped a “drone sighting”? I can’t even remember.

Reports to the FAA of “drone sightings”, used by Congress and the FAA to drive forth draconian remote identification and mandated national surveillance networks using drones, with the goal of pricing drone flying out of the public’s reach – were based on bad data and media hysterics, much of which was false reporting.

  • Remember the Aeromexico flight in late 2018 that had a collapsed nose cone? The media blamed that on a drone. Six months later the official investigation found it was due to a maintenance defect on the nose cone.
  • Remember the Gatwick Airport fiasco? The only confirmed drone sightings were of the fleet of surveillance drones operated by the Sussex Police over the airport.
  • Remember the temporary Newark Airport closure due to a “drone sighting”? That drone report was from 20 miles away from the airport and may not have even been a drone at all.

Take a look at this – drone sightings have magically disappeared: Drone Sightings: The Actual Non-Hyped Numbers Analyzed (Graphs, Trends, etc.)

After a while, when the FAA isn’t stealing YouTube content, they seem to have been busy making up fake drone reports to justify a remote ID proposal that mandates all drones be connected to the Internet cloud, in real time, and used as part of a massive national surveillance program, collecting imagery and telemetry and potentially sending it to China. Brilliant. Not like any drones would do something like that.

The FAA’s primary goal is to make hobby flying of radio control model aircraft so expensive and cumbersome as to eliminate it entirely. The reason is to clear the low altitude airspace for AmazonGoogleUPS delivery drones. The FAA asserts that it and it alone owns the airspace in your front and backyards from the ground up. Literally, the airspace below your head when you stand outside is controlled by the FAA and they intend to use it for corporate delivery and surveillance networks. (See my comments to see how that works.)

Rite Aid used facial recognition in cameras in stores serving poor customers

Claims they’ve turned it off due to “industry conversation” about such technology. The tech is kinda useless when everyone is required to wear an airway restriction device over their face:)

In the hearts of New York and metro Los Angeles, Rite Aid deployed the technology in largely lower-income, non-white neighborhoods, according to a Reuters analysis. And for more than a year, the retailer used state-of-the-art facial recognition technology from a company with links to China and its authoritarian government.

Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores

DJI’s Go 4 Android app found to have significant spyware capabilities, possibly unused

In my comments to the FAA regarding their NPRM to require mandatory Remote ID and data logging into cloud-based databases, I pointed out that the FAA was establishing a nationwide aerial surveillance network. This finding appears to validate my comments to the FAA:

According to the reports, the suspicious behaviors include:

  • The ability to download and install any application of the developers’ choice through either a self-update feature or a dedicated installer in a software development kit provided by China-based social media platform Weibo. Both features could download code outside of Play, in violation of Google’s terms.
  • A recently removed component that collected a wealth of phone data including IMEI, IMSI, carrier name, SIM serial Number, SD card information, OS language, kernel version, screen size and brightness, wireless network name, address and MAC, and Bluetooth addresses. These details and more were sent to MobTech, maker of a software developer kit used until the most recent release of the app.
  • Automatic restarts whenever a user swiped the app to close it. The restarts cause the app to run in the background and continue to make network requests.
  • Advanced obfuscation techniques that make third-party analysis of the app time-consuming.

Source: Chinese-made drone app in Google Play spooks security researchers | Ars Technica

DJI admits the software has these capabilities with this double speak:

DJI officials said the researchers found “hypothetical vulnerabilities” and that neither report provided any evidence that they were ever exploited.

The FAA said they processed all 50,000+ public comments received in regard to their NPRM on Remote ID in just 60 days and are now full speed ahead on implementing their final rule, to be released in December of 2020. My expectation is the FAA will ignore most public input and will ram this rule through at all costs, as they were bought off by AmazonGoogleUPS. While the rule will not ban drones, it is likely to make flying a personal drone expensive and difficult, with mandatory real time tracking and logging into cloud databases of every flight – in other words, a potentially de facto ban on most personal flying. Their proposed rules, in fact, do call for the eventual banning of all homemade radio controlled airplanes – a large hobby that has existed safely for over 90 years.

The FAA, like most government agencies now, acts as an authoritarian tyrant.

Australia’s Bluetooth-based contact tracing app deemed largely irrelevant

Says they’ve identified a total of … one person:

The PM told Australians in April the contact tracing app was key to getting back to normal but just one person has been identified using its data

Source: How did the Covidsafe app go from being vital to almost irrelevant? | World news | The Guardian

Remember, Singapore pulled their Bluetooth app. Norway used both Bluetooth and GPS and pulled their app for EU privacy problems. The UK’s been testing their Bluetooth app on the Isle of Wight – was supposed to have gone nationwide more than a month ago but since then, things have gone quiet.

Our temporary foreign work visas have turned into “spy visas”?

Politico says Silicon Valley is swarming with non-traditional spies, especially from China but also from other countries. Most are apparently working at tech companies in Silicon Valley and San Francisco.

It’s as if our program of recruiting hundreds of thousands of temporary tech workers from other countries (almost entirely from India and China) has turned into a self-inflicted spying and IP theft operation. Who could have seen that coming?

Chinese officials bussed in 6,000-8,000 J-Visa holding students—threatening them with the loss of Chinese government funding

….

Chinese intelligence has long focused on surveilling, and attempting to control, Chinese nationals studying abroad. One well-documented mechanism for this effort has been the use of Chinese Students and Scholars Associations groups on university campuses.

Source: How Silicon Valley Became a Den of Spies – POLITICO Magazine

Data mining enables many companies to discern your health conditions

Data brokers compile health and frailty profiles that have wide-ranging applications for drug companies, advertisers, insurers and other buyers.

Source: How bits of captured data paint a stealth portrait of your health

They do not need access to your protected[1] health care records. Instead, companies are data mining your credit card purchases, your public social media, your online purchase habits and a host of other data points to guess at your health situation and assign you a “health score”.

This secret health score could be used by insurance companies to change your life insurance premiums, or by a prospective employer to deny you a job because your health score is not good enough for them.

You have no idea what data they have collected and analyzed, nor what score they have assigned to you. The data itself is often incorrect (as I recently found) and their assumptions about you are often wrong too. But there is no way to correct their secret health score.

Microsoft urges regulation of face-recognizing tech

  • When face recognition is used to gain access to a secure location or function, what happens when one’s likeness is stolen and reproduced?
  • What happens when the local police monitor all political rallies and use facial recognition to identify each individual in attendance?
  • What if businesses scan your face upon entry and dynamically change prices based on their estimates of your income and wealth?

Microsoft’s chief legal officer on Friday called for regulation of facial recognition technology due to the risk to privacy and human rights.

Source: Microsoft urges regulation of face-recognizing tech

Really glad to see Microsoft addressing these issues and working to take privacy seriously as a competitive alternative to Facebook and Google.

Disclosure: I am a former Microsoft employee.