Motorola Is Listening 287
New submitter pbritt writes "Ben Lincoln was hooking up to Microsoft ActiveSync at work when he 'made an interesting discovery about the Android phone (a Motorola Droid X2) which [he] was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.' He found that photos, passwords, and even data about his home screen config were being sent regularly to Motorola's servers. He has screenshots showing much of the data transmission."
Don't you know... (Score:5, Funny)
Re: (Score:2, Interesting)
The NSA would like to thank Motorola .
Motorola (cell) in now owned by Google. Shouldn't that be "...would like to thank Google"? Pretty much use to Google doing these kind of shenanigans but I can't help feel that on Slashdot we need to be careful about linking Google and Android to bad things. Only Apple does such things (except it doesn't...the GPS tracking frenzy was a lot of gnashing of teeth for nothing). Remember Apple sells me a device, Google sells me.
Re:Don't you know... (Score:4, Interesting)
Remember Apple sells me a device, Google sells me.
Riiiiight. Apple never spied on anybody [gizmodo.com].
Re:Don't you know... (Score:4, Interesting)
Google doesn't sell "you".
Google sees an aggregate or approximation, that may-or-may-not describe you.
Re: (Score:2)
No, Google sells your eyeballs. Well, rents them.
Re: (Score:3)
Google sees an aggregate or approximation, that may-or-may-not describe you.
So there is a probability distribution describing how much of you Google is likely to sell. Determining the shape and parameters of that distribution is left as an exercise for the reader.
That article is utter nonsense (Score:4, Informative)
The idfa feature has nothing to do with Apple tracking you. It has everything to do with *others* tracking you - or rather, limiting how others track you.
Prior to iOS6, third party apps would access your devices UDID and use it to track your device. There was no way for a user to disable or limit this. In iOS6, Apple shut that down and forced advertisers to use the idfa instead. The idfa is something you as a user can reset or turn off to limit how advertisers track you. The feature is a pure win for user privacy and anyone who claims otherwise is either a complete idiot or thinks his audience is.
Carrier IQ (Score:2)
On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.
Droid X2 was a Verizon phone so it shouldn't have Carrier IQ on it.
thanks, Obama! (Score:5, Funny)
Re: (Score:2)
http://techcrunch.com/2011/12/11/googles-3-top-executives-have-8-private-jets/ [techcrunch.com]
Re:RTFA. (Score:5, Funny)
Of these three multibillion-dollar corporations, which one has a private jumbo jet for its executives:
1. ExxonMobil
2. Verizon
3. Oracle
4. Google
"Don't be evil"? My ass.
Probably the one that only hires people who know how to count.
Re:RTFA. (Score:5, Funny)
There are only two hard things in Computer Science: cache invalidation, naming things, and off-by-one errors.
#1 reason to use Android (Score:5, Insightful)
You can RELOAD the device's OS with custom ROMs that don't do this crap. If it was discovered Apple does this (and who's to say they don't) what choice have you? And Windows phone? Don't even start.
Part of the reality of "security" is taking responsibility for your own. Security is not a product you can buy. It's not something that other people can do for you (because that's tyranny). It's a personal responsibility and it takes knowledge and understanding to do. Tough luck to all those people who have neither the inclination nor the ability to learn.
Re: (Score:2)
You can't reload with a custom rom if the phone uses a signed bootloader (which motorola is notorious for doing), or in the case of the article's author, you are "banned" from doing so by your employer (his employer bans rooted phones from accessing active sync)
Re:#1 reason to use Android (Score:4, Informative)
You can have a custom rom that is not rooted.
I do.
Why do people confuse these?
Re: (Score:2)
Re: (Score:3)
But, the GP is still incorrect - flash or eeprom are made to support change. A particular version of OS/software is not a ROM. Maybe ROP (read-only programming) or something similar, but ROM references the physical memory, not what's stored in it.
Re:#1 reason to use Android (Score:5, Interesting)
We only use rooted phones running Cyanogenmod 10.1 in our environment. We have a fleet of about 50 smart phones and all of them but about 4 are Google Galaxy Nexus phones. We don't consider anything that we don't control to be secure.
Re: (Score:3)
Is that your recommended phone? If one were going to ditch an iPhone for something running Cyanogenmod today, which phone would you choose?
Re: (Score:3, Interesting)
Your best bet for installing custom firmware is almost always going to be the current Google dev-phone (previously the Galaxy Nexus, currently the Nexus 4 IIRC) The phone is directly supported by Google and has an unlockable bootloader, no tricky hacks required.
Re: (Score:3)
Pedantic point: the Galaxy Nexus I got from Verizon did not come with an unlocked bootloader. It was trivial to unlock it, though. Perhaps you meant phones purchased directly from Google?
Also, my reply to the parent's question of best ROM (there are limitless opinions about this, so this is nothing more than my own): JBSourcery ROM is my favorite, mainly because of JBSourcery Tools. There's nothing there you can't do with other ROMs... they just make it really easy to do things like drop in alternate ker
Re: (Score:2)
Motorola signs/encrypts the kernel. This massively hampers any attempt to load a new ROM, because the kernel remains constant thereafter. Any low level API changes etc are impossible to support except in software at a much higher layer in the stack
Numbers say they don't (Score:5, Insightful)
If it was discovered Apple does this (and who's to say they don't)
We know they don't because there are many hundreds of millions of people using Apple devices now, and lots of developers using network proxy monitoring tools in development that see all network traffic from the devices to boot.
Basically if Apple were doing this we would have known long ago, and there would be no shortage of people to shout about it continuously on Slashdot and elsewhere.
Re: (Score:2)
Or it sends it to the store when you browse. Assuming that is all encrypted you would never know.
Re:#1 reason to use Android (Score:5, Insightful)
Part of the reality of "security" is taking responsibility for your own.
The only way to get real security and privacy with a cell phone is not to have one. A bonus is that implementation of that strategy requires no special technical knowledge.
Re:#1 reason to use Android (Score:5, Insightful)
You can RELOAD the device's OS with custom ROMs that don't do this crap. If it was discovered Apple does this (and who's to say they don't) what choice have you? And Windows phone? Don't even start.
So there is a massive _actual_ privacy violation by Google (who owns Motorola and is 100% responsible for anything that happens under the name Motorola), and you complain about what-ifs with Apple and Microsoft?
Remember that Google's customers are the advertisers. Apple's customers are people buying Apple devices. I expect both Google and Apple to do what is good for their customers, even if it hurts others (like _you_ in the case of Google, and advertisers in the case of Apple).
Re: (Score:2)
But its something you can't buy - by not buying a smartphone or any of thees spy devices..
Re:Don't you know... (Score:5, Informative)
I think it might be this: https://en.wikipedia.org/wiki/Motoblur [wikipedia.org]
Lots of phones/providers sync your personal data for you in case you lose your phone.
(And I'm sure there's an option somewhere to turn it off, although you never know with big corporations...)
Re: (Score:2)
Yup. This is just that POS.
Why anyone would want a phone like this I will never know.
Re:Don't you know... (Score:5, Interesting)
TFA has just been updated saying it's MotoBlur with an automatically created Blur ID - it doesn't even ask you to create an account any more
I guess that was Motorola's way of "removing" MotoBlur from phones - remove the account creation UI, generate the account secretly without any prompting.
Whatever, Motorola deserves to be bankrupted over this. If I was a class-action lawyer I'd be getting in touch with this guy right now.
Re: (Score:3)
Well Google own Motorola now, are we sure this isn't just the Android Sync integration? If it is then it does ask you when you set the device up first time.
You'll have to excuse me in suspecting that if the author of TFA didn't realise it was a sync tool that he also is inept enough to not realise he actually signed up to it when he first got the device.
Re:Don't you know... (Score:5, Insightful)
Sigh.... they makes me more disappointed than mad, and reminds me of the phrase "The road to hell is paved with good intentions".
They want easy sync, they want it so they can restore user data and save people's bacon whose phone gets destroyed or lost. Awesome, great intention. However, http? No SSL? Come on guys! At LEAST encrypt the data in flight!
In reality, they should encrypt it at rest too, and have the user at least submit some sort of password or something so its not just.... gobs of juicy data waiting to be sniffed or scooped. Realistically this means everyone who had one of these phones, with few exceptions, have their data, out of their control, just waiting to be abused.
Re: (Score:2)
I would be fine with what you're describing as an option, because that would mean I could turn it off. As far as I can tell, there is no way to truly disable this "feature" other than installing a different version of Android on the device. Maybe other Motorola phones have that option somewhere, but I am reasonably sure this one doesn't.
Re:Don't you know... (Score:4, Insightful)
I agree it should be an option, but I can sympathize with companies not wanting to deal with that expletive. People who do stupid things rarely blame themselves, but they are happy to blame others loudly in public where it can hurt your brand.
Re: (Score:3)
It seems to me that the first form of abuse should be a user providing bogus data to moto. If it's HTTP, and the credentials to upload are available (unencrypted, so they should be), then this is a "service" ready to be abused.
Time to send moto some seriously disturbing things that will skew the results of whatever research they're doing toward the odd and completely wrong.
Re:Don't you know... (Score:4, Insightful)
You could try reading the article.
It does appear to be part of Blur, yes.
Only the X2 was not sold as a phone with Blur, it does not have the obvious UI elements. And the author never explicitly signed up for the Blur service or created an account. The phone appears to have silently created a Blur account for him and proceeded to send a bunch of private information to the service, all without his knowledge or consent. How helpful.
Well done, Motorola (Score:5, Funny)
"A company that listens to its users"
Comment removed (Score:5, Funny)
Re: (Score:3)
Who the hell trusts their phone company? Now I can add who trusts their phone manufacturer? Not that I really trust my bank that much either...
Improved Customer Experience (Score:5, Funny)
Re:Improved Customer Experience (Score:5, Funny)
Patent? Did someone say Patent? What a great idea!
Re: (Score:2)
If they know to whom you're talking, or what pictures you're taking, or what documents you're reading or writing, or where you are at any given moment
Well, I'll be sure to give them something to look at. Since this is plain HTTP, technically I can send them anything if I know the right URLs. So they'll see me talking to the presidents of various countries (some friendly, some not), taking pictures of goatse, reading leaked classified documents, visiting motorolasucks.com, and visiting various locations around the north and south poles, North Korea, and Motorola HQ.
Mix in enough chaff and it's harder to separate the real data. Too bad the article doesn't
Re: (Score:3)
Too bad the article doesn't list the URLs
Yea, shame. The article only lists a bunch of thingies that all start with: ws-cloud112-blur.svcmot.com:443/blur-services-1.0/ws/
Too bad that isn't a URL :(
Sad, but also not surprising (Score:5, Insightful)
Re: (Score:3, Insightful)
"It seems every device, every internet service, basically every communication node that we use has been turned into something that is beyond George Orwell's worst nightmare."
Yes, if you use commercial easy to use toasters like a phone with stock android, iOS, Windows, OSX, etc on it... You are correct.
If you want privacy and control. Run linix or one of the hacked and cleaned Android releases.
Re: (Score:2)
Re: (Score:2)
Re:Sad, but also not surprising (Score:5, Insightful)
So you've manually inspected the binaries from cyanogen to confirm that every release they make is 'safe'?
Instead of blindly trusting your manufacturer, you're blindly trusting a modder.
Not really sure why you think its different.
Re: (Score:2)
who could give a flying fuck about privacy or what implications it could have for them in the future.
OK so they give a flying fuck but what are they doing about it? ;)
Re: (Score:2)
The "making phone calls" part of my phone is the least interesting aspect.
It is owned by Google (Score:2, Insightful)
Re:It is owned by Google (Score:5, Informative)
This is just Google collecting all of the worlds data, just like they said they were doing to do.
The Droid X2 was released on May 11, 2011. Google announced their intention to acquire Motorola Mobility on August 15, 2011, and completed the acquisition on May 22, 2012.
Re: (Score:2)
This is just Google collecting all of the worlds data, just like they said they were doing to do.
The Droid X2 was released on May 11, 2011. Google announced their intention to acquire Motorola Mobility on August 15, 2011, and completed the acquisition on May 22, 2012.
The Droid X2 runs Android which is made by Google. Any servers Motorola runs today are most likely managed by Google now.
Re: (Score:3)
Re: (Score:2, Insightful)
Yes.
Oops... (Score:2)
I blame the government (Score:5, Interesting)
I know, that sounds like the lead-in to a joke - but not this time.
In the US, anyway, Congress established quite some time ago that companies had more rights to our personal information than most of us would want them to have. So it's not surprising when we find out the NSA (or whoever) has carte blanche to our information - and also that Congress doesn't grok why we get upset about it.
Europeans ostensibly have much stronger protections in this regard; but it seems to me there's a lot of "wink, wink, nudge nudge" going on over there, and those "protections" are mainly in place so their officials can posture indignantly whenever news like this comes out. In practice I don't think there's much of a difference on either side of the Atlantic.
So what's the big deal about yet another large entity slurping our personal information? Whether they're public or private - according to the folks elected to represent us, we shouldn't be upset about it...
Re: (Score:3)
Perhaps the government is to blame, but if I had a Moto phone, I could be liable for the security breach if I worked at a secure company location. If I were a responsible IT manager at one of those companies, I'd be pretty pissed about this.
You can't sue the government for Motorola's ineptitude, but you can sue Motorola. I hope someone does just that, and slaps down this culture of snooping and ineptitude that could ruin careers and lives.
Re: (Score:2)
and also that Congress doesn't grok why we get upset about it.
Oh, Congress knows we're upset about it, and understands why we're upset, but about 3/4 of them don't care. There are a few major reasons for this:
(1) The only major campaign donors who care about it support the surveillance. That means that doing the will of the people will incur a financial penalty and no financial gain.
(2) Because both major parties basically agree that this kind of thing is at the very least not a problem, there's no threat of the other party fielding an effective candidate that will ca
Re: (Score:2)
We are correct to blame the government. It's the job of businesses to get away with as much as possible. It's the government's job to keep them in check. If they aren't doing their job we have a system in place to peacefully show them the door.
blaming the government (Score:5, Funny)
I watched a Bill Maher video yesterday in which a conservative politician who clearly believed that cleanliness (and short hair) is next to godliness claimed to believe in "adaptation" but not a certain fish story when confronted by a historically unelectable Canadian politician about whether he believed in antibiotic resistance (in which the evolution of the resistance trait was greatly accelerated by careless overuse).
I actually cut the guy some slack. There's no reason why he can't logically believe in the special theory of evolution (local adaptation) without necessarily believing in the general theory of evolution (the ascent of complexity from primordial origins). To believe in one without the other requires a larger than average mental judgement in between. Unfortunately, he lamely fell back on invoking the missing link. Bzzzzt. Thanks for playing.
Clearly he hasn't checked in with the Out of Africa theory lately, which was speculative until we began to read DNA in the early 1980s with all the proficiency of a clever three year old. Right now we're at about year two of a ten year post-graduate program in speed reading for lifeforms with facet eyes. Things have changed. If there were any region of the globe over the past 10,000 years (or 100,000 years) where the genetic lineage of any species of quadruped (Noah being the patron saint of charismatic megafauna) is constricted to a single breeding pair, we'll surely find it soon on the rising flood of sequence data. Dude groomed for rapture should be worrying about the missing crink, not the missing link.
I can't say I have a higher opinion of "blame the government". It's like blaming calcium for arthritis, on the grounds that sans calcium, arthritis as we know it would no longer exist. The problem here is that calcium is just the implementation. The specification is to have a load bearing structure nimble enough to evade and pursue (aka biosecurity). A large branch of the solution space descends from elbows and kneecaps.
One of the major functions of a large population is agreeing on the threat enough to achieve cohesion in the threat response. This is mirrored in the organism by how the fight/flight response is balanced on a knife edge, and how the hormones that prime this metabolic state also tamps down immune response. Guess what, libertarians, that's a centralized response.
You can discard the implementation (government as we know it), but you can't discard the specification. Unfortunately, contrary to the most vociferous howls, the problems are actually rooted in the specification, not the implementation.
Just like replacing an aging software system, while it's absolutely certain that the worst points of friction in the existing system will go away, new points of friction are extremely likely to take their place, unless you stumble upon the "silver bullet" solution paradigm (social media won't let you down). I tend to be fairly reluctant to stick up my hand when a surgeon promises to cure my arthritic knee by lopping off my leg and grafting on a tentacle to replace it. I worry that might bring with it new problems every bit as annoying as the previous problem.
The present state of the NSA and the legislation around it is pretty much an unbroken story since the end of the first world war. (The Germans did not invent Enigma on a fall afternoon in 1939.) I vaguely recall reading in the The Puzzle Palace (or something similar from the same era) that before the U.S. government passes a law preventing secret agencies from spying on American citizens there was already a secret law on the books exempted a certain no such agency from being beholden to any such future law.
Democracy it turns out is a lot like the human immune system. It shuts down on a dime in the presence of an acute threat, as defined by the pulsed secretion of some small gland. Once you get to the place where the small gland sees a lion in every box of Cracker Jack, democracy is reduced to vestigial status, until
It's motoblur... (Score:2, Informative)
It's a server side social service from motorola,see http://en.wikipedia.org/wiki/Motoblur
Re: (Score:2)
Re: (Score:2)
It's a server side social service from motorola,see http://en.wikipedia.org/wiki/Motoblur [wikipedia.org]
Did you see the part of TFA where the user was given no indication that 'motoblur' was active, and the phone was using randomly generated 'motoblur' credentials because it had never even prompted him to create any?
Re: (Score:2)
Its a "feature"
From wikipedia:
First generation Motoblur-based phones require a new user to create a Motoblur account, denying access to the main screen until the account is established. User account information is stored on Motorola's servers for access from web browsers and future phones. Newer devices allowed users to defer Blur services until a later registration
Presumably, once you got around to making a motoblur account it would like to the "temporary one".
Apparently it didn't occur to motorola that s
Re: (Score:2)
If that's idiocy, it's well up into 'indistinguishable from malice' territory.
How is this even legal? (Score:2)
I'm sure they feel they can write anything they want in an EULA, but I can't see how this is legal.
This is actively taking your data for their own purposes, and should be something with criminal penalties.
And Google recently added terms to the permission for the Android keyboard update which wants more access to your personal information -- forcing me to conclude that any device you buy these days is actively working against you, and is best kept in airplane mode as much as possible.
You don't own and contro
Re: (Score:2)
It's legal because there is no law against it. What specific law do you think it is violating?
Re:How is this even legal? (Score:4, Insightful)
How about this [cornell.edu]?
They've gone way beyond authorized access, and are collecting information they have no business accessing.
But somehow those EULAs magically give them the legal right to do anything they want to.
Re: (Score:2)
So run stock android (Score:2)
This is why you run stock android, or one you built yourself not some blur BS.
Re: (Score:3)
Yeah, and then the only company you need to worry about not trusting is Google.
Unfortunately, even on a stock Nexus tablet, Google pushes very hard to force you to use their stuff, and actually signed me up for a You Tube account when I launched the app, even though I don't want a You Tube account and never got asked.
I'm pretty sure we're screwed no matter what we run these days.
Re: (Score:2)
Or flash your own rom.
Achievement Unlocked (Score:5, Informative)
"An article you wrote for your personal website has appeared on the main page of both Slashdot and Hacker News, and you were not the submitter in either case."
I haven't logged onto this account in ages, but if anyone has any questions, I'd be happy to try to answer them.
Re: (Score:2, Troll)
Re: (Score:2)
Of course, I have no need to worry about such things now! :)
Re: (Score:2)
Re:Achievement Unlocked (Score:5, Informative)
In the absence of a better answer, I would go with the model I used for this testing:
Build a Linux system that acts as the sole gateway between your internal network and the internet (whatever means you are using to connect to the internet). Set it up with an intercepting proxy like Burp Suite or OWASP ZAP, and install the signing cert on your devices. Configure all of your devices to proxy HTTP and HTTPS traffic through that intercepting proxy. This will let you see nearly all HTTP and HTTPS traffic, and optionally to modify that traffic as it passes through.
That system can either just be a gateway for some other device (e.g. your wireless router), or you can set it up to perform the DHCP and other functions for the other devices on your network.
It would probably also be helpful to set it up as the DNS server so that if you end up needing to look at something that requires spoofing DNS, you're all set.
Mode 1 - for everyday use:
Use iptables to forward all traffic from the internal interface to the external interface.
Run network captures to see traffic patterns and anything that is unencrypted which is not going through the intercepting proxy.
When you see something interesting that is non-HTTPS (e.g. via a network capture) but is encrypted, temporarily switch to Mode 2, or if necessary (like it was in the case of the XMPP traffic here) selectively forward it (again, using iptables) to a custom MitM proxy.
Mode 2 - for special cases:
Run Mallory on the gateway instead of the regular iptables forward.
This is only for special cases because Mallory will impose a noticeable slowdown.
I'm working on a ground-up build doc for this type of system that will go into a lot more detail. It can be run in VirtualBox or another virtualization platform.
The only thing it may not do is the sandboxing requirement you listed, depending on what you're hoping for. It's also not super-straightforward (especially Mallory and any custom MitM stuff you need to do), but it's a lot easier than it used to be, especially since the intercepting HTTP/HTTPS proxy takes care of nearly all of the traffic these days.
Re: (Score:2)
What's your take on this thread on Hacker News where the commenter tried to cast complete blame on Microsoft for this? Is he right?
https://news.ycombinator.com/item?id=5974130 [ycombinator.com]
So maybe they *do* have a copy... (Score:2)
So maybe Apple or Motorola or someone do have a copy of the infamous Rob Ford Smoking Crack video in their archives.
Why do they keep trying to "social " us? (Score:5, Insightful)
What is this crap, and why do they always get it wrong?
Yes, I do want to seamlessly sync my mail, sms and contacts across my devices.
Except none of the solutions proposed really do that well...
(Or maybe I'm not typical, having multiple PCs and mobile devices, including iOS and Android?)
Photos too? Hell, why not. Picasa from Google used to be OK...
But now, after the "success" of FB, it seems that you can't have simple sync solution anymore; everybody is pushing unwanted, privacy-leaking, "social" features down our throats.
Just please fucking stop!
Re: (Score:3, Funny)
5 of your friends read this post. Blink some time within the next 30 seconds to read what they think!
Re: (Score:2)
FOSS alternative(s) to Burp Suite? (Score:2)
The Burp Suite used by the investigator is a Java tool with a non-FOSS license [portswigger.net]. Blah.
Does this use my monthly bandwidth? (Score:4, Interesting)
I'm wondering if I get charged for this?
Unlimited Data (Score:3)
It's a good thing that everyone's on unlimited data plans in the U.S.
If I was a criminal (Score:2)
Re: (Score:2)
Even if this is true, they certainly ought to encrypt it. Don't dropbox, google drive, and skydrive encrypt their transfers?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's more adorable in fuzzy animals [wikipedia.org]; but it works with humans as well...
Re: (Score:2)
It's soup cans and string for me from here on out...
Re: (Score:2)
Aaaaand on behalf of the entire Slashdot community (particularly the part of it that doesn't want me speaking on their behalf, because I love pissing off those douchewads)... I'd like to welcome you to our community, Mr. Kaczynsky.
Please don't blow us up, even if we silently note the hypocrisy of loudly advocating disposing of all the untrustworthy elements of the "industrial-technological system" on a technofetishist on-line computer-based weblog. Well, please don't blow me up, anyway. Kthxbye.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
How about a little bit of subversive thinking and acting?
Let's turn this whole surveillance mania against them, won't we? Say, the US government won't give a rat's ass of what you want or what you think: write to them as much as you want, they won't even acknowledge you exist. However, try to keep something private, and they'll go out of their way to spy
Re: (Score:2)
This. Fight back!
Re: (Score:2)
If this is true that Motorola is spying on everything you do, stealing your goddamn IMAP and facebook passwords then sue their asses and press criminal "wiretapping" charges.
Silly consumer, the CFAA only makes more or less anything you do with or to a computer a felony if you aren't a corporation...
Re:Nonono, beware the evil chinese (Score:5, Insightful)
These are not the droids you are looking for... Look at the Chinese! Look at the evil Chinese! They're spying on us!
Well, of course they are. But look at it this way:
When the Chinese spy on you, what can they do to you based on the data it gathers?
When the your own government spies on you, what can it do to you based on the data it gathers?
Somehow, I feel safer sending my data to the Chinese...
Re: (Score:2)
CarrierIQ was scumbag marketing bullshit, and wasn't "required" to be on anything. Since that's your jumping-off point, it's pretty much safe to disregard anything else you've got to say.
Censorship of this subject isn't a winning strategy
No, but modding down idiotic falsehoods works pretty well. (And the poor schmucks who feed you. I suppose I deserve it.)