Who’s Spying On You?
Posted by mattgsilverAug 26
I want to pass along a posting from Paul Myers (who I’m def. a big fan of).
He brings up some scary and creepy things that we don’t always think of in our day to day dealings with our electronics and on the internet. As much as I like the convenience and coolness of always being tapped in and keeping up to date with all of my friends, it’s easy to forget just how easy it is to be used against us.
Here’s what Paul has to say…
“There’s a thing called “IP geolocation,” which uses a database of IPs (numbers locating your computer on the network) and physical areas to show where a computer is located. There are a bunch of these, and the accuracy can be anything from very close to wildly off the mark. The good ones can narrow it down to a few blocks, in most cases. Sometimes to a specific building.
You can see this most often when you notice an ad on a site that’s used by people all over the world, but mentions your city by name. “[YourCity] mom discovers…” or “Man in [Hometown] loses 47 pounds using…” That’s IP geolocation in its mildest form.
Twitter has offered the option for a while to attach your IP address to a tweet, basically trying to tell people where you are. You have to opt into that, though. It’s turned off by default.
Facebook’s new “Places” settings options enable a more advanced function by default. The idea is to make it easy for your friends to know where you are. Unfortunately, it also makes it easy for people you might not want to share your location with to find you. Or know when you’re not home…
It’s easy to disable this option, if you know it’s there and what it’s called. John Williams sent me a link to the instructions. You can read those here:
http://lifehacker.com/5616395/how-to-disable-facebook-places
Why would this matter?
Well, maybe you don’t want your friends to know where you are every minute that you’re online. Or maybe you don’t want world+dog knowing when you’re not home. Or maybe you don’t want your employer knowing you’re logging onto Facebook from work.
Or from the park when you called in sick.
Just how much info should be distributed about you automatically?
But wait… There’s more!
….
There are applications on some portable devices and phones that can transmit the data from a GPS system to other sites. This can be used to pinpoint your exact address, and your location to within a few feet.
That’s how the “Places” function on Facebook works. And, with the default settings, your Facebook “friends” can “check you in” if they’re with you. Handy, if you’re careful about who your “friends” are, and who you allow to share the info. Given the default settings, though, it’s an announcement to the world every time you log in from a mobile device.
That can get into the realm of the dangerous. With it set to “Friends of friends” able to view the info, you could be broadcasting your location to burglars, stalkers, ex- employees, your employer, or even just that annoying person you’d rather not see right now.
Given recent comments from CEOs Mark Zuckerberg (Facebook – “Privacy is dead”) and Eric Schmidt (Google – “If you have something that you don´t want anyone to know, maybe you shouldn’t be doing it in the first place”), there is every reason to believe these services will be used as aggressively as possible.
Both companies have said the comments were taken out of context. That could be easily believed of Zuckerberg’s remark.
Schmidt’s is a bit less dismissable. None of that matters, though, when you look at the way their firms actually treat their users’ private data. Facebook set this option to “On” by default. Google initially opted every Gmail user into their social networking platform, Buzz, and created significant and foreseeable problems for some users.
I’m pretty sure I don’t want those sorts of decisions made for me without my knowledge or consent. How about you?
And it gets (potentially) much, much worse.
….
Apple has applied for a patent that has some deeply disturbing
implications: http://www.commondreams.org/view/2010/08/24-0
The summary: They want a patent on software that, in mobile devices, would let them listen to your conversations and/or take pictures of you or your surroundings, without any way for you to know it’s happening. Just remotely activate those functions, at their own discretion.
It would also let them monitor biometric data and all of your online activities while using their devices.
Ostensibly, this would be developed for purposes of preventing theft, or catching thieves. It’s even been suggested to me that Apple may want the patent to keep the idea from being used by others.
I don’t buy it. But that doesn’t really matter.
First, it’s nearly certain that, if this technology is deployed and not made illegal for use by private citizens, it will be abused. The theft-prevention rationale was offered, for example, by the Lower Merion school district, in their program giving laptops to every high-school student. “Only to enable recovery in event of theft,” they said. That didn’t stop people at the school from using it to spy on students in their homes.
Yeah. Really.
One kid was disciplined for “improper behavior” that occurred at home, in his bedroom. The Vice-Principal used a photo taken using the webcam in the laptop as his evidence. According to a forensic analysis commissioned by the district, the school took
66,503 screenshots and photos using these systems. The school admits these include pictures of the kids in their bedrooms.
If teachers will do that, what would a corporation do?
….
So, if you have one of these portable devices, where do you use it? In what situations do you simply carry a cell phone, iPad or other portable computing device? Do you want people able to spy on you in all those places, at any time, without warning?
It’s been suggested to me that there is prior art that might cause the USPTO to reject such a patent application, or be used later to invalidate it if granted. That raises other challenges. Specifically, anyone at all could include it in their systems.
Google has a cell phone OS. Just how much do you want them to add to their collection of data on you?
Then there’s the “social networking” phone, which is designed specifically for use with Facebook and Twitter. Do you want your kids to have one of those broadcasting their location to the world at every moment the phone is on?
This isn’t science fiction, folks. We’re not getting into foil fedora territory here. This stuff is real.
….
And then there are the outright criminals.
There is already malware code in the wild that lets remote operators turn on the webcam on infected computers. That’s not a big deal if you use a desktop machine and don’t keep one connected, or disconnect it when you don’t intend to use it.
But what about the laptops and netbooks, and even some monitors, that are sold with a camera and microphone installed in the machine itself? The last two portables that I got have them. Where do you, or your kids or employees, use laptops?
This isn’t especially difficult stuff to do. And the market isn’t restricted to criminals. For instance, on the first related search I did, I found someone asking how to remotely activate the webcam on his wife’s laptop without her knowing.
Some of these devices come with GPS systems installed. Anyone who can access those will know exactly where you are, what you’re doing or discussing, and with whom.
Anyone want to market sound-proof phone carriers, with built- in Faraday cages? A month ago, I would have considered that a ridiculous idea. Now, I’m thinking it’s a niche.
….
Electronic security isn’t just about data protection any more, folks. It’s gotten very personal, and it’s about to get more so.
You can take steps to reduce your exposure to this kind of invasion of privacy. First, make sure you have proper security software on all your computers. That’s good policy anyway, so that’s not too extreme.
With the social networking sites, it’s a matter of watching your preferences. Also just common sense. And easy.
Don’t leave external webcams attached when they’re not in use, if you have any objection to what you do in the same room with them being seen by someone else. Using a USB hub makes disconnecting them easy, and it’s a reasonable precaution, with the amount of trojans running loose online.
With laptops and netbooks, just be aware that this stuff is possible, and take whatever precautions you may feel are appropriate. That might be nothing at all, for many of you. It could mean turning the thing off when it’s not in active use.
Or putting tape over the camera lens. Or, if you have the need or desire to be especially cautious, having a physical switch installed to prevent remote activation of the camera or microphone.
I can’t begin to guess what level of security will work for you. Some people won’t consider it an issue at all, and they may well be right. For them. For others, these are real concerns. It’s getting very easy to install this kind of monitoring code, and there are too many people with incentives to do it. Employers, co-workers, competition, family members, and various less savory types. Brings new meaning to the word “spyware,” yes?
Make sure your kids are aware of the potential issues, too.
….
I’m told that law enforcement agencies have had the ability to turn on cell phones remotely as listening devices for a while now, with a proper warrant. I consider that a very different thing than random strangers being able to access these kinds of info at will.
As of this moment, I am not aware of this being a problem for cell phones and similar portable devices. Just keep this in mind, and pay attention for it.
Whether Apple gets that patent or not, it’s coming.
….
If it’s installed or used by any corporation, I have a suggestion that seems appropriate: The top officers and all members of the board(s) of directors should be required to carry one of the devices with them at all times, with the audio and video enabled 24/7, and streaming to the web for the whole world to view.
Hey, if we don’t get to decide what we can keep private, why should they?
….
The idea here isn’t to scare you, or create some sort of conspiracy buzz. If that was the goal, I’d point you to an even more extreme, and equally current, example of invasive
observation: http://talkbiz.com/r/iris.php
As you can see, this stuff is real. The technology exists right now, and most of it is already in use. It may not pose much of a threat to many of us, but it’s something to be aware of and to watch out for.
Knowing it’s possible is 90% of the battle.
Be careful out there.
