Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Encryption Privacy Businesses Cellphones Communications Government Network Networking Security Software The Internet News Your Rights Online Hardware Technology

Smartphone Users Are Paying For Their Own Surveillance (truth-out.org) 85

Nicola Hahn writes: While top secret NSA documents continue to trickle into the public sphere, tech industry leaders have endeavored to reassure anxious users by extolling the benefits of strong encryption. Rising demand among users for better privacy protection signifies a growth market for the titans of Silicon Valley -- this results in a tendency to frame the issue of cybersecurity in terms of the latest mobile device. Yet whistleblowers from our intelligence services offer dire warnings that contrast sharply with feel good corporate talking points. Edward Snowden, for example, noted that under mass surveillance we're essentially "tagged animals" who pay for our own tags. There's an argument to be made that the vast majority of network-connected gadgets enable monitoring far more than they protect individual liberty. In some instances, the most secure option is to opt out.
This discussion has been archived. No new comments can be posted.

Smartphone Users Are Paying For Their Own Surveillance

Comments Filter:
  • by nimbius ( 983462 ) on Monday June 20, 2016 @07:20PM (#52356413) Homepage
    from TFA:

    Even if a phone call is encrypted, the very act of making a call provides a wealth of data to spies.

    implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.

    non-smartphones can be viewed as superior to smartphones as they generate a smaller data footprint. Going a step further, a pager can be viewed as superior to a non-smartphone because communication on the user's end is further constrained, as well as not anchored to a particular phone line.

    but that footprint is guaranteed to use public infrastructure that is readily intercepted by a malicious state actor. you no longer have a cryptographic option, or very much insight into what traffic is leaving the phone. A pager routinely hits a cell tower and emits user-identifiable data that will always be relayed through a carrier network that is part of the state apparatus for spycraft. Pagers havent been safe since the DEA realized they could intercept them during drug investigations.

    Perhaps, in certain cases, the best solution is to follow the lead of Russian spymasters and simply opt out.

    In some cases, yes. Do you absolutely need your cellphone on you at all times? you would be surprised how many events dont require it but its present anyhow; do an audit. For events that do require a cellphone, use your situational awareness to limit its emissions, and ensure the device as well as its traffic is encrypted. Check out Prism Break [prism-break.org] for more information on how to avoid state sponsored unlawful surveillance.

    • A pager routinely hits a cell tower and emits user-identifiable data that will always be relayed through a carrier network that is part of the state apparatus for spycraft.

      Uhhh, no. My pager "hits" nothing. It is a receive-only device. It has nothing to do with cell towers.

      The only "spycraft" is that the pager company can record the phone number of the caller. The message itself can be completely meaningless to anyone who intercepts it.

      Pagers havent been safe since the DEA realized they could intercept them during drug investigations.

      Depends. If the caller is using a burner or a phone unattached to him, then the DEA can intercept all they want. They aren't going to know that "34592" as a message means "the kilo of coke is ready for pickup at the regular location" unless t

    • implying you know what a phonecall looks like encrypted.

      It looks like a more-or-less isochronous, symmetrical stream of packets that takes a medium amount of bandwidth (less than video, but more than online gaming). If you wanted to make it look less like a phone call you would want to do something like add jitter or latency, or send lots of junk data along with the signal... but those things would either reduce call quality or waste your data allotment.

      • by gweihir ( 88907 )

        No, it does not. First, there is suppression of the noise-floor, i.e. no traffic when you do not speak. And second, there is the voice-codec compressing different speech differently. Apparently, this even leaks some amount of what is being said. A better (future) standard would add cover-traffic, with isochronous data-rates and then that leak gets plugged. You could still identify voice-traffic, as almost no other stream-type is isochronous at this data-rate.

    • implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.

      Which can all be undermined by malicious or compromised hardware, you need to have open hardware and a way of verifying it.

    • by gweihir ( 88907 )

      There is good research for identifying phone traffic from encrypted data packets. It is rather simple, it seems as you can see typical voice-patterns and what the voice-codecs make of them in the data-rate profile.

  • by Anonymous Coward

    Your car, your phone, your tablet: all spying on you.

    • My car can't spy on me; it was built before digital cell networks existed!

      • But if it's registered to you and you drive it on public roads then the opportunities for surveillance and tracking are not that difficult to comprehend. Indeed it happens with a lot of police vehicles, major arterials and certainly on toll roads.
        • Good point. Still, that's not exactly the car's fault in the same way that it is with modern "infotainment"-infected ones (and especially things like Leafs, Teslas, and anything with a Progressive Insurance "snapshot" module plugged into it).

          What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras (and to repeal the laws prohibiting its use). You could say we could prohibit the use of the tracking cameras instead, but we all know that wouldn

          • What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras

            That's not physically possible, since the human eye has a limited range of sensitivity and we have long had sensors that overlap that range of sensitivity. Anything that the human eye can read, those sensors can read ; anything image that can be read is an image that can be OCR'd and it's content extracted.

            That is why ANPR is a commodity product, and barely regulated.

          • Still, that's not exactly the car's fault in the same way that it is with modern "infotainment"-infected ones (and especially things like Leafs, Teslas, and anything with a Progressive Insurance "snapshot" module plugged into it).

            True, but even if you eliminate that it doesn't really matter whos fault the "spying" is, the end result is that it happens and is becoming more widespread as the cost of surviellance plummets.

            What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras (and to repeal the laws prohibiting its use). You could say we could prohibit the use of the tracking cameras instead, but we all know that wouldn't actually get rid of them.

            I'm not sure the human eye has a spectrum that we can't visualize with a camera, in fact it's actually the other way around. Like you say, prohibiting the use of cameras is unlikely to make it go away, this is also my argument against going to any effort for legislating for network privacy. Even if they say they aren'

            • I'm not sure the human eye has a spectrum that we can't visualize with a camera, in fact it's actually the other way around.

              I was thinking more along the lines of a polarized filter or array of CCD-blinding infrared LEDs.

              • I was thinking more along the lines of a polarized filter

                These have been debunked. It kind of worked for very specific angles against certain kinds of older cameras but in pretty much all practical circumstances is not going to work.

                or array of CCD-blinding infrared LEDs.

                That's easily overcome with an IR filter.

                I see where you're going with this but surveillance is only one part of it, even if you can outlaw surveillance cameras you still need to get redlight/speed cameras removed because governments aren't going to allow devices that circumvent existing legal law enforcement mechanisms. While I'm ske

  • by known_coward_69 ( 4151743 ) on Monday June 20, 2016 @07:24PM (#52356429)
    like if someone were to hit my car i can snap a location/date tagged photo after the event for evidence so the perp can't lie their way out of it. and my phone keeps a record of where i go, just in case the cops arrest me for something i didn't do like happened to a lot of people back in the good old days
    • by Anonymous Coward

      ...and my phone keeps a record of where i go, just in case the cops arrest me for something i didn't do like happened to a lot of people back in the good old days

      1) leave my phone at home on the kitchen counter
      2) commit some act of larceny
      3) ...
      4) use my phone's location as an alibi
      5) profit

      Oh wait, maybe I need to rethink this.

    • by jxander ( 2605655 ) on Monday June 20, 2016 @08:55PM (#52356803)
      A very useful tool in a society where you are assumed guilty and must prove your own innocence.
  • I find it absurd how easily people don't realize that if you have a family, you do have "something to hide".
  • the most secure option is to opt out.

    I'd think that doing this would put a bigger target on you.

    With facial recognition the way that it is now, the data gathered from these sources will carry a little more weight to compensate. Meta data collected from these sources would be analyzed a more thoroughly. Links to other data monitored more closely, bank accounts, utility usage, stores frequented, etc. This is likely already being done automatically.

    You are going to be profiled whether you like it or not. We are long passed the time of being able

    • Not really lost. We just have to "opt in" the entire ministry. We have cameras too. Let's make good use of the system. Since we can't stop the spying, let's just do what we can to remove the state's advantage.

    • I believe letting the surveillance folks know where my cellphone is at all time is better for my privacy. It makes them lazy.

      Why?

      Because when I have it on me most of the time, then I leave it somewhere, that's where they think I am. So I can be anywhere else and no one will suspect.
      My cell phone sits quietly at home when I visit my dealer.

    • by cpghost ( 719344 )

      I'd think that doing this would put a bigger target on you.

      What's so bad about this? I mean, seriously? You'll be drawing a couple of mW and CPU cycles of NSA/GCHQ's computers more than they would have wasted otherwise, and occupied a couple of additional bytes in their storage system. That's all there is to it. No more, no less. As long as your behavior doesn't trigger an alert that forces a human operator to briefly look at your data, no harm has been done. And if a human op has to look, the only harm d

      • As long as your behavior doesn't trigger an alert that forces a human operator to briefly look at your data, no harm has been done. And if a human op has to look, the only harm done is his or her wasted time, time that would be better put to use to investigate real targets instead of false positives. They don't care about your petty life, that's not what their mission is about.

        I don't think you have ever been a system administrator or worked closely with them. It seems to be human nature to pry into the personal aspects of other peoples lives. If you give someone the option and enough time... they will do it. Even when it is outside their job title or even if it could result in their dismissal. If they know they won't get caught they will eventually do it. I seen this in many other people. It's a sickness. A human condition. I seen it in myself and I was disappointed in myself.

        If

        • by cpghost ( 719344 )
          Actually, very long-term sysadmin here, responsible for huge number of servers and users. Believe it or not, once you're herding a certain threshold of users/machines, you stop being curious about individuals' behaviors, porn, lives, whatever... it becomes totally irrelevant.

          Those guys working at 3/4 letter agencies are in the same position: I'll bet what you want that most of them are bored senseless when they are alerted by the algorithms that they have to look into some real-life data, just to find out

  • Taxes pay for the NSA surveillance company. Hello. McFly.
  • by Anonymous Coward

    ... for making the comment that "smartphone users aren't smart," a few weeks ago. My arguments were the same.

  • The point of a network connected device is to, uh, network. To communicate with other endpoints. There is no security in a network. I don't know why people think networks are supposed to be secure. They aren't. They are supposed to facilitate communication, not hide it.
    • They are supposed to facilitate communication, not hide it.

      The two are not mutually exclusive. You can facilitate communication and hide it, that is the exact purpose of cryptography.

      • by tlhIngan ( 30335 )

        The two are not mutually exclusive. You can facilitate communication and hide it, that is the exact purpose of cryptography.

        You can hide the content but not the communication.

        Fact is, you communicated with someone. Both endpoints are known, and their approximate locations, too. We also know how long you talked (or remained connected), if your position moved, who called whom, etc.

        See, the call has both the data (the content), and the metadata (information about the call). The metadata cannot be encrypted as

  • by WolfgangVL ( 3494585 ) on Monday June 20, 2016 @09:19PM (#52356891)

    Its about what I may want to keep to myself TOMORROW.

    Nobody want your dick-pics....... until they make taking them a felony.... and then when you speak out against XYZ, you can be quietly dealt with, publicly shamed, and discredited.... all within the bounds of the law.

    There was a time in my country when the people decided to make booze illegal. Maybe tomorrow some politic will make something *ELSE* I do every day illegal. See where I'm going with this? Nothing good will come of the vast stores of data we keep surrendering in exchange for pretty maps, trendy devices, and free email.

    Ditch the smart-phone. Its not your ally. You don't really need it, and its making you less able. Its a crutch. Hell I know a guy who can't even drive home from work without a GPS system. I bet you know somebody like that too.

    Buy yourself a dumb prepaid candybar (under your favorite cartoon characters name) if you REALLY feel you must have comms in your pocket, or your employment demands it you can make THEM buy it for you.

    Your data has real VALUE. You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow, and maximize yesterdays ripoff today.

    ZOMG GOVERNMENT is watching me! = sounds like crazy ravings on purpose.

  • Kinda like we are all paying for our inevitable incarceration with out taxes huh? I love going to work every day knowing that my taxes are fueling the surveillance efforts that have been ongoing for the past two years. Gotta love FBI/LEO corruption. Wonder what I'll get charged with. Over and out.
  • If you know, or are reasonably certain, that you are being monitored via your smartphone, you have the potential ability to feed those doing the monitoring either misinformation or carefully chosen information. Want to get hammered at the bar? Leave your cellphone at home. Going to Christmas eve Mass? Take your cellphone with you. Want to buy some nice lingerie for your GF? Use your computer (assuming you trust your ISP, the on-line store, your credit card vendor...). Want to make a charitable donati
  • Dr Fun [ibiblio.org] was one of the first webcomics.

    He posted this in 2006 [ibiblio.org]

    Back in year 2000 some people i knew defaced AT&T billboards including tags about the NSA listening. This isn't all that new. Sadly, not a lot of pushback. When was the last time (or more likely, any time) you've talked about a stingray and your phone?

  • Sure, it's annoying to be tracked by algorithms around the clock via smartphones, but let's see it in a positive, or at least less negative, light for a change. Suppose you have the same name and/or a similar profile as someone who has raised some red flags and who landed on a couple of Governments' black lists. If you are really unlucky, next time you want to board a plane, you'll be in for a nasty surprise at secondary. Even if things get sorted out this time, next time you'll be again in trouble, and aga

A mathematician is a device for turning coffee into theorems. -- P. Erdos

Working...