Government snooping, backdoors and #necessaryhashtags

[ewmayer]

o A Good Reason to Encrypt Your iPhone: To Prevent DEA from Creating a Fake Facebook Account | Marcy Wheeler

Quote:

We learned about shadow profiles last year when security researchers at a company called Packetstorm discovered Facebook was maintaining its own files on users’ contacts. For example, if Facebook found two users were connected to a non-member—say, bob@wired.com—it would pool other information—different phone numbers, for example—into one master dossier.
...
Meanwhile, we have an appalling new look at what law enforcement does once it gets inside your smart phone. A woman in Albany is suing DEA because — after she permitted DEA to conduct a consensual search of her phone — DEA then took photos obtained during the search, including one of her wearing only underwear, and made a fake Facebook page for her with them. They even sent a friend request to a fugitive and accepted other friend requests. They also posted pictures of her son and niece, on a site intended to lure those involved in the drug trade.

And the best part of all is supplied by a reader who comments: The border exception runs 100 miles inland. It covers around 2/3s of the US population.

o Adobe is Spying on Users, Collecting Data on Their eBook Libraries | The Digital Reader

Quote:

This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects.

On a technical level, this kind of mistake is not new. Numerous apps have been caught sending data in clear text, and others have been caught scraping data without permission (email address books, for example). What’s more, LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers – and like Adobe, that data was sent in clear text.

Sorry, I'm not buying the 'mistake' blanket excuse for such stuff anymore. Software that not only phones home with your Adobe download info but snarfs up other stuff on your system simply does not come into being by 'mistake'.

o Microsoft’s Windows 10 has permission to spy on you | TechWorm
Reader comment:

What about Windows 8, which I have? Back in June MSFT sent me an email updating their policies, stating:

“As part of our ongoing commitment to respecting your privacy, we won’t use your documents, photos or other personal files or what you say in email, chat, video calls or voice mail to target advertising to you.”

I read that as saying “we monitor your every keystroke, but rest assured we won’t sell it to advertisers”. That sure is comforting.

[ewmayer]

o Feds identify suspected ‘second leaker’ for Snowden reporters | Yahoo News

o Report Reveals Wider Tracking of Mail in U.S. | NYTimes

[only_human]

Sneaky Verizon is tracking activity of mobile customers with invisible cookie

Quote:

Verizon Wireless is under fire from privacy and security advocates for tampering with user web activity and injecting user identification codes.

These identifiers allow advertisers, hackers and virtually anyone with access to the code to track users connected to the Internet via Verizon's network.

These codes, which act like permanent cookies that cannot be deleted, were first pointed out by Jacob Hoffman-Andrews, a researcher at the Electronic Frontier Foundation (EFF).

Quote:

Hoffman-Andrews, however, argues that even if Verizon does not track users' activities online, advertisers still can. The identifying headers, as Lewis confirms, cannot be deleted. This means other privacy protection tools and methods, such as deleting cookies, clearing cache, enabling Do Not Track and AdBlock extensions, are rendered useless because of Verizon's identifiers.

For now, the only way for users to block Verizon from using identifying headers is to visit websites encrypted with SSL or to access the Internet through their own Wi-Fi network or Virtual Private Network.

Emphasis added

[ewmayer]

I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too

Quote:

The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.
....
The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Got that? Don’t say personal or sensitive stuff in front of the TV.

As a fellow neo-Luddite said, "I can see the next 30 years of my future -- spending time and money on eBay to buy 'obsolete dumb devices'."

[retina]

Quote:

Originally Posted by ewmayer

I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too

As a fellow neo-Luddite said, "I can see the next 30 years of my future -- spending time and money on eBay to buy 'obsolete dumb devices'."

I'd guess it is not much different from JS sending unknown information to unknown places at unknown times for unknown reasons. I am glad that I don't have any type of television device except for my computers which I can keep tight control over.

[LaurV]

Quote:

Originally Posted by retina

except for my computers which I can keep tight control over.

Dream on!

[retina]

Quote:

Originally Posted by LaurV

Dream on!

Well I did say "can", not "do".

[xilman]

For a little light relief, this is how we handle things on this side of the pond.

http://www.bbc.co.uk/news/uk-29939192

[kladner]

.....To Manipulate US Election Turnout
http://www.addictinginfo.org/2014/11...al-experiment/

I wonder if Google has played any such games.

I put this here because the technology is basically the same as that used in surveillance. Subliminal manipulation by filtering the data stream users receive is just another head on the hydra of social control.

[ewmayer]

“ISPs Removing Their Customers’ E-mail Encryption”

Quote:

Bob sent me a post from Slashdot which should serve as a wake-up call as to how difficult it is to protect yourself on the Internet if you are a mere mortal. They quote an Electronic Frontier Foundation report on how encryption is being subverted:

Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

"The TOR mess" gets a mention at the end.

[ewmayer]

DRTBOX and the DRT surveillance systems

Quote:

"DRT has developed a device that emulates a cellular base station to attract cell phones for a registration process even when they are not in use. During this registration process calls are not disrupted. All calls, including 911 calls, are released, including those made from the contraband cell phones. The DRT device identifies cell phones as “not of interest” or “of interest” (i.e., the contraband cell phones).

Cell phones not of interest, such as those belonging to prison personnel or commercial users in the area, are returned to their local network. Cell phones of interest are forced to transmit so that the DRT device can locate them by calculating a line of bearing.

In one mode of operation, the DRT device then returns the cell phone to its network, permitting it to send and receive calls. In another mode of operation designed for use by federal law enforcement entities, the cell phone can be locked onto the DRT device, preventing its contraband use."