jarrodwhaley.com

I make films. I'm also a nerd.

Posts Tagged ‘privacy’:

Facebook Openly Breaks European Privacy Law

Samuel Gibbs, The Guardian:

Facebook tracks the web browsing of everyone who visits a page on its site even if the user does not have an account or has explicitly opted out of tracking in the EU […]

The real question is: what will the EU do about it?

A: Absolutely nothing.

Facebook Caching Data Not Even Given to Them

Pierluigi Paganini of Security Affairs:

Facebook is analyzing thoughts the writing [sic] that users have intentionally chosen not to share.

The article claims that when a user begins to type something into the status update field and then changes her mind about sharing it (or in other words, censors herself), Facebook actually keeps that text and runs data analysis on it.

I don’t know if it’s fair to say that Facebook is “analyzing thoughts,” exactly, and I don’t think there’s any reason to think that any interaction with Facebook at all is in any way connected with anything even remotely related to privacy. My sense is that humanity as a whole seems eager to do away with the very notion of privacy, so who cares?

Android Flashlight App LoJacks Users

Alice Truong, Fast Company:

The Android app Brightest Flashlight has been installed between 50 million and 100 million times, averaging a 4.8 rating from more than 1 million reviews. Yet its customers might not be so happy to learn the app has been secretly recording and sharing their location and device ID information.

I’m willing to bet a non-negligible amount of money, actually, that the number of shits given among those who’ve installed this app is less than or equal to 0.01. These users will never even know that their movements are filling a creepy database, and they wouldn’t care a whit even if they did know.

The NSA Database Is Nothing Compared To This

Scott Shane and Colin Moynihan for The New York Times:

For at least six years, law enforcement officials working on a counternarcotics program have had routine access, using subpoenas, to an enormous AT&T database that contains the records of decades of Americans’ phone calls — parallel to but covering a far longer time than the National Security Agency’s hotly disputed collection of phone call logs.

Some of these records are 26 years old, predating by far even the dubious statutes which supposedly justify this sort of intrusion. First it's terrorists. Then it's drug dealers. What next? Political dissidents? Political or social or racial minorities?

We're getting snared in a giant fascistic trap, and most of the population is clapping and shouting “Woo!”

Mandatory Blood Draws In Tennessee This Weekend

The Inquisitr:

Holidays are the only excuse most Americans need to get some alcohol in their system and party it up. This is all well and good, but the Tennessee police are demanding that you not drive in those cases. As faulty as breathalysers can be, they’re upping the ante, at least in Tennessee. Drunk or not, if you pass a DUI checkpoint this Labor Day in Tennessee and they suspect you’re impaired in any way, prepare to face the needle.

In this (and in other) piece(s), the cited reaction from John Q. Public is more or less: “I think this is good, because people die from drunks and stuff, so please flush all of my human rights down the shitter.”

America is dead.

Ladar Levison May Be Arrested For Shutting Lavabit Down

NBC News:

The owner of an encrypted email service used by ex-NSA contractor Edward Snowden said he has been threatened with criminal charges for refusing to comply with a secret surveillance order to turn over information about his customers.

"I could be arrested for this action," Ladar Levison told NBC News about his decision to shut down his company, Lavabit LLC, in protest over a secret court order he had received from a federal court that is overseeing the investigation into Snowden.

Let’s take a minute to applaud the size of this guy’s balls. He’s willing to go to jail in order to protect his customers’ data. Henry David Thoreau would be proud.

Email Is Inherently Insecure

The recent shutdowns of Lavabit and Silent Circle—two supposedly "secure" email providers—demonstrate perfectly the limitations of the medium. MIT Technology Review notes:

When e-mail was created 40 years ago, security or anonymity wasn’t part of the design. The routing and labeling protocols plainly state what computer sent it or forwarded it, what computer received it, and what time all this happened. “There are far too many leaks of information and metadata intrinsically in the e-mail protocols themselves,” says Mike Janke, CEO of Silent Circle, whose customers include people in companies and government agencies with secrets to protect. “It doesn’t matter what you try to do with e-mail, there are these inherent weaknesses. So we got rid of Silent Mail [the company’s e-mail service]. We deleted all of it, burned it, and threw it in the ocean with locks and chains on it. People lost all their e-mail, but the response went from ‘Why would you do this?’ to ‘Thanks for doing this.’”

Even if your email is encrypted by your provider, that provider will have to give the key(s) to any law-enforcement agency that cares enough to ask for them. Furthermore, the email protocol itself is exceedingly transparent about who sent the mail and who received it. A lot of information about you is revealed even if you go to great lengths to encrypt your communications with the greatest crypto-nerd care.
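To make the metadata point concrete, here is an added example (not from the quoted article or any provider's code) that reads a constructed message whose body is an encrypted placeholder and lists what every relay can still see. The hostnames, addresses and the `exposed_metadata` function are assumptions made up for the illustration.

```python
import email
import re
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message: the body is an opaque encrypted blob,
# but the headers travel in clear text for every relay to read and log.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTPS id abc123;
\tTue, 13 Aug 2013 10:15:42 -0400
Received: from laptop.example.net (unknown [198.51.100.23])
\tby mx.example.net with ESMTPSA id def456;
\tTue, 13 Aug 2013 10:15:40 -0400
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Subject: lunch
Date: Tue, 13 Aug 2013 10:15:39 -0400
Message-ID: <1@laptop.example.net>

-----BEGIN PGP MESSAGE-----
(constructed placeholder for ciphertext)
-----END PGP MESSAGE-----
"""

# "from <sending host> ... by <receiving host>" inside one Received header
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def exposed_metadata(raw):
    """Return what is readable without decrypting anything."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reverse for travel order.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        m = HOP.search(route)
        if m:
            when = parsedate_to_datetime(stamp.strip()).isoformat()
            hops.append((m.group(1), m.group(2), when))
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "sender": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "recipients": [addr for _, addr in getaddresses(to_cc)],
        "subject": msg["Subject"],
        "hops": hops,
    }
```

Encrypting the body changes none of these fields: the sender, recipient, subject line, and the host-by-host route with timestamps remain readable in transit and at rest.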

This Gmail privacy kerfuffle is ridiculous. As soon as you hand your message to a third party, you lose any reasonable expectation of privacy. It’s not only the law, it’s just common sense. Remember trying to pass a "secret" note in elementary school, only to have it unfortunately intercepted by some dickhead middleman? It’s like that.

Pigs and Trolls

Bruce Sterling has a brief laugh at the absurd ineffectualness displayed by the government in all of this Snowden business:

The pigs in Orwell’s “Animal Farm” have more suavity than the US government is demonstrating now. Their credibility is below zero.

[…] Even US Senators are decorative objects for the NSA. An American Senator knows as much about PRISM and XKeyScore as a troll-doll on the dashboard knows about internal combustion.

Nobody elected the NSA.

Digital Dead Drop is a Secure Web Notepad

Inspired by the Ender’s Game books, Tyler Spilker has written a dead-simple Python-based Web app called Digital Dead Drop; it’s designed to run on a local or remote server, and provides a quick and secure method with which to jot down a few thoughts and save them on the server side. Nothing is stored locally, so there’s no problem if your phone is lost. It’s a pretty cool idea.

The NSA Can Reportedly Track the Location of Cell Phones Even When They’re Turned Off

Here’s some more insanity; Ryan Gallagher of Slate reveals stunning new details about the NSA’s ability to track us:

On Monday, the Washington Post published a story focusing on how massively the NSA has grown since the 9/11 attacks. Buried within it, there was a small but striking detail: By September 2004, the NSA had developed a technique that was dubbed “The Find” by special operations officers. The technique, the Post reports, was used in Iraq and “enabled the agency to find cellphones even when they were turned off.” This helped identify “thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” according to members of the special operations unit interviewed by the Post.

The article goes on to speculate that perhaps these phones are being infected with malware, or maybe that the government injects tracking code into updates to a phone’s operating system. This whole thing just keeps getting creepier—who’d have thought that something like this could even be technically possible?