Use A Phone? This Means YOU:
Your Private Life Has Suddenly Exploded.


This Treasure Map About Us Is Not Only By Us But For Us - its a graphical representation of the WIGLE Database 
which contains the precise details of over four billion geolocated internet devices compiled by, curated for, and available to — everybody.


LONG VERSION: WARNING
• Super Short Version HERE
• For the Slightly Longer But Still Short Version, 
   Skip To The MAIN POINT of this post
• Or just check out the LINKS at the end.

 
PREFACE
(Skip to main point)

 Maybe you are reading this right now on your phone, but perhaps not. Maybe you would say ‘Of course, I know that’ if I were to tell you your phone was tracking you. Maybe you even remove the battery sometimes, but then no one can reach you, and whenever you need to make a call, or just check the time, or look up something on the web, you put it back in, and bam! it’s tracking you again.

Or maybe you have an iPhone, so there is no way to remove the battery. Soon this will be any phone, since, as one reviewer put it, “we’ve all already decided we value all of the aforementioned features more than a removable battery. If we didn’t, the iPhone would have died a quick death years ago.” That reviewer completely neglected to mention privacy concerns.

Maybe I will send the author of that review a copy of this post.

Maybe your phone takes a very long time to boot up, and you don’t live in the best neighborhood, and you get home from work after dark: you can’t risk even turning it off. So your phone is always on. Even though you’ve heard it’s tracking you.

Maybe you use a digital assistant, meaning, you talk to ‘Google’ or ‘Siri’ or possibly ‘Cortana,’ giving simple commands or asking simple questions. The implications may or may not have already dawned on you, that may be deduced from this: Since your device needs to respond whenever you say a certain phrase, it has to be monitoring — everything — all the time. The microphone in your phone is always-on, always-listening.

In the frenzy of tapping ‘Agree,’ ‘Agree,’ to all those contracts of adhesion when you first set up your phone, maybe you opted for that ‘battery-saving’ app. Or maybe you read the Terms of Service like I did, and, right where it gets around to talking in mealy-mouthed terms about third parties, you decided against it. As it turns out, at least in regard to the safety and security of the sensitive information of your location (which is what we’re talking about here), it doesn’t matter one way or the other.

Samy Kamkar’s android map
That’s right. Go ahead and turn ‘location’ off, and call 911, if you don’t believe me. Just like personalized search, you may if you choose to opt out of officially knowing about it, but you cannot turn that locate-ability off.

Because your phone transmits enough information, continually, to locate you, without the need for GPS. Oh, you know about that, right? That’s the way Apple used to do the ‘locate me’ thing. Some guy on the web had a script up, which you could use to find other people’s phones if you had the six-digit hexadecimal hardware address. I found my friend’s stolen laptop with it. Doesn’t work anymore, but if it did, that would be pretty scary, right?

Then there’s this team from Princeton who found a way to geolocate phones from data that anyone can access, no special permissions needed. Nothing that the end user has to agree to. No special SMS or email that he has to open up. No need for his phone to connect to GPS, or even to a WIFI network I say ‘theoretically’ because although their work was published and peer reviewed, their compiled code is not, as far as I can tell, available.

So there is no web page in which some jealous person can enter the cell number of their cheating lover to get their accurate, current location. Right?

The official answer may surprise you.


PROBLEM
(Skip to main point)

Picture a vast room with floors polished to a mirror shine and ridiculously high ceilings. An official place; in twos and threes, men in dark expensive suits walk back and forth, or gather in front of the huge semitransparent structure in the middle. It's a touchscreen, and rendered on is a world map, absolutely infested with tiny points of light that shimmer and shift. The lights go out periodically, only to be redrawn with new, real-time data. An agent zooms in with a hand gesture on one specific dot. It blinks.

And it moves, ever so slightly, whenever you do.

Location information is incredibly revealing. From your location history, over time, well, everything about you that matters may be deduced. What you buy. What you like to do and when. What meetings you go to; and who you talk to at length after those meetings; and, from the histories of those data points, what you have in common. Are you getting the picture? Because it is a picture of you, and, with the rest of the data being traded about you, I’d say that for a mere photograph it sure is detailed. Remarkably high definition.

A FIRST CRACK AT A SOLUTION
(Skip to main point)

Are you holding your phone? If so, you are definitely within earshot of an audio data collection point. Do yourself — and your friends, and your country — a favor. I say your friends — because the privacy of each of us is only as secure as the privacy of any of us. Put another way: if they can find your friends and your friends visit or contact you, that means they can almost definitely find you; and if they know where you are over time, well, see above.

I say ‘your country’ because what this amounts to is totalitarianism. You cannot control who knows where you are, who you are, what you are doing, what you are reading or writing or thinking. Anyone could know these things now. Absolutely anyone.

Because as we live our lives, and interact with a myriad of data-collecting devices, we cast a tangible shadow that persists, available to be copied and pasted in some private database, for five years, which might as well be forever. It is an intricate record, an accurate reflection of our every move and action.

Every jog, walk or ride. Every text message, phone call, or download. Every song, game, or movie; every search, click, or mouseover. All of these as geolocation data points, of measurable proximity to, and interaction with, what other points of what other devices, with what other histories.

If we all do not continue to expect and believe together that this data is and should remain private in the first place, it loses this privilege legally, by default. Our commonly held expectation of privacy if strong enough would certainly be a good place to start beating back this tide, Without that expectation and belief, no one would have legal standing to bring suit. One cannot claim one has been harmed if, when, or after, that privacy is compromised.

So make this affirmation out loud. It doesn’t have to be reasonable, feasible, justifiable, plausible, or rational. No one has to believe in it but you. Let it be a spell of protection, a mantra:

“As an American citizen, I have every expectation of privacy.”

MAIN POINT   

Evidence surfaced recently — proof — that each of us, that every one of us with a cellphone, might as well have a corresponding dot moving and blinking in real time, geolocated on a public map somewhere. Did I say might as well? I mean does. (Yes that map is real.)

Find links here, and below.


Let that sink in. THAT GIANT MAP IS REAL. It is a map of all connected devices. If you have a phone, or laptop, or tablet, or router for that matter, you are on it. I mean that absolutely literally. If you own a cell phone, you are on this map.

If this doesn't bother you, there's a good chance that you do not fully understand what this implies, or what real world situations are bound to arise from it. It no longer matters if you have "nothing to hide," and it will soon become obvious that it never mattered to begin with. It no longer matters how much data is being looked at; it is no longer relevant how few are paid to be doing the looking (although it should be noted that that number has ballooned since 9/11 turned the security industry into a "self-licking ice cream cone.")

We are naîve to the pont of denial if we think that the technologies and human resources of the bloated surveillance state cannot easily handle such work.

Detailed granular datasets for every internet connected device have already been compiled into vast databases. Powerful algorithms, neural nets, and AI have been, and will continue to be, developed to query these databases with ease. The process will soon be able to run entirely autonomously, needing human eyes only for a few key decisions.

I wouldn't be surprised if this were true already. Certainly that would go a long way to explaining the rather creative definitions that we learned that the NSA has for such common words as 'collect': if you will recall, these vast amounts of data are not officially 'collected' -- by definition -- until they are viewed by a human being.

We already know now for a hard fact that cell phones alone generate reams of detailed and in-depth information about each user. The historic revelations concerning the U.S. government spying on its own citizens were originally over a request by both the FBI and the NSA for data from one tower dump, remember? The FBI dropped off that map. The government admitted, begrudgingly, at first only to metadata and geographic location (and if you don’t know how much this reveals about you, you are in for a nasty surprise) going back seven years. We now know that limited hangout for the lie it was. All the security professionals in America should have known that it was a lie at the time. If not, there were clues here and there. And over there.

From EFF’s archive of the Securus Documentation

We can prove that continuous location information is readily available, even when the GPS is turned off; in some cases geographic location and hardware serials of the last three hotspots you visited. (Go wardriving, and you’ll get the histories of the devices attached to them.)

First, we learned that our private location information may be, and is, easily retrieved, without a warrant, or our informed consent, and with little to no oversight, at the will, or even whim of almost any police officer in America..

Then, we learned that, until recently, your location information could be retrieved by absolutely anyone with your phone number.

Robert Xiao’s dissection of the vulnerability
I repeat, up until may 17th, 2018, it was trivially easy for absolutely anyone to locate absolutely anyone else’s phone WITH ONLY THE NUMBER…

… and it very probably still isn’t that hard.

I say “until may 17th, 2018,” because that’s when this company, whose actions were busted by this security researcher, “fixed” the security vulnerability that enabled anyone, armed with a cell number, to locate it geographically in real time. They disabled the free demo of the service after being found out.

That’s all they did to fix it: they took the webpage that contained the free demo of their software-as-a-service product down off of the internet. The cached version of the page goes to their official statement about the incident, which mentions that they claim that the numbers this researcher plugged in were the only people affected. (If you only check out one of these hyperlinks, THIS, about that incident, is the MOST IMPORTANT.)

LocationSmart OnAsset Case Study

 I say “and it very probably still isn’t that hard” because the page was to a free demo. Anyone who already has an account can still do what was demonstrated. Furthermore, it is not a stretch of the imagination to think that anyone with a business name and enough money can still, easily, open a new account.

The digital shadows we cast are data-mineable details that are the 21st-century incarnation of the papers and effects of the 4th amendment to the United States Constitution.

But you need to know this: without a reasonable expectation, personal privacy is much, much harder to defend. If ‘everyone knows’ that ‘all the information’ on ‘everyone’ is ‘collected,’ we would have no legal basis to complain. None.

So do it again. However illogical this may seem, if it is true, its true:

“As an American citizen, I have every expectation of privacy.”

National parks have tech that can tell four legs from two and detect metal, and it is being used to catch poachers. Cities are linking up their cameras (though some have fought back: see here and here) to follow a target continuously, cross-referencing location information with video. (The prison-phone-call company in the second link boasted of doing this in — and out — of prisons).


From LocationSmart Documents
License plate readers and traffic cameras map the real-time location of all automobiles — and now, some cull the biometric data of driver and passenger from the photos mapped to the plates of course. Other license plate readers are doing double duty ‘keeping our borders secure,’ being linked to US Immigration & Customs Enforcement. Biometric data may be used to query Facebook’s vast database, which stores the unique facial recognition parameters for each user, and of course, makes this easy for anyone to search. This can be and has been, cross-referenced against DNA databases, both public and private. Facial recognition can now, in fact, recognize hundreds of faces at once.

Don’t have a mobile phone? When riding public transit, shopping in some mall, crossing the plaza in front of City Hall, do you know who is able to listen to you, and from where? How about when you are in your roadside-assistant enabled car? Or when you have your Garmin in its cradle, centrally mounted to the windshield?
Led Zeppelin, “Presence”: Usage Rights

Or maybe you bought a cool, sleek, ominous little pylon, that, from where it sits on the kitchen table, reminding you of that Led Zeppelin album cover, maybe as bad at fighting the creeping malaise of your increasing loneliness and isolation as it is successful at atrophying the minds of your children. It knows a lot about you, and as if the risks of features like ‘Look’ (with an always-on camera to give you fashion advice) or ‘Drop In’ (allowing friends to drop in on you without asking) aren’t scary enough on their own, it just may ‘accidentally’ do something crazy.

Amazon’s Alexa can act a bit odd
Sure, it isn’t location information at issue with these last three examples, but it is your privacy. The thing, you may remember, of which you had every expectation.

The following is a short far-from-comprehensive list of technology caught with its pants down, having its way with your bound and gagged data before it is sold to someone else. (All links, with human-readable titles, below.) I compiled it because, while I meant to be writing about your privacy, what I wrote about, above, may seem otherwise. It may seem to be just about your mobile phone.

Roomba remembers its maps – the better to data-mine you with
Not your fitbit, not your TV (see this and this), or your browser, or your cable company, or your wifi, or yourdoorbell, or your toilet, or your router, or your power meter, or your child’s doll, or your vacuum-cleaner-bot, or the ad outside the pizza place, or the billboard on the highway, or the helicopter overhead, or the thermometer in the aquarium in the lobby, or the white van parked outside, the streetlamp on the corner, or the blimp that you can barely see on the horizon.


So, however, we fight this, fighting back begins with not giving up. Rape is technically possible all the time since most men are stronger than most women. Rape is still, last I checked, illegal. Just because they have the power to geolocate any device, doesn’t mean they have the right.

So say it again. Third time’s the charm. Repeat after me, slowly, and clearly, even loudly, with a real, honest, heartfelt sense of conviction:

“As an American citizen, I have every expectation of privacy.”

If you only check one link check this one first"
Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site
If you only check two links check this second
New York Times: Service Meant to Monitor Inmates’ Calls Could Track You, Too

THE REST OF THE LINKS

An excellent quote from Eben Moglen from his talk “Innovation Under Austerity”
Government admits recording ALL cell phone conversations (CNN interview) – YouTube
“ZBV” – Z Backscatter Van – YouTube
Cartapping: How Feds Have Spied On Connected Cars For 15 Years
Networks of ControlA Report on Corporate Surveillance, Digital Tracking,Big Data & Privacy
Leonard Cohen – The Future Lyrics | Genius Lyrics
Wardriving – Wikipedia
PinMe: Tracking a Smartphone User around the World.pdf
7 Ways Alexa and Amazon Echo Pose a Privacy Risk
LocationSmart API Vulnerability – Robert Xiao
Hunting Poachers Remotely – MIT Technology Review
How to Tell if Your Samsung TV Has Been Hacked | WIRED
A Location-Sharing Disaster Shows How Exposed You Really Are | WIRED
The Privacy Threat From Always-On Microphones Like the Amazon Echo | American Civil Liberties Union
Verizon Breaks Silence on Top-Secret Surveillance of Its Customers | WIRED
Securus White Paper on Location Based Services
What an NYPD Spy Copter Reveals About the FBI’s Spy Planes | WIRED
Amazon Echo recorded conversation, sent to random person: report
Phew, NSA Is Just Collecting Metadata. (You Should Still Worry) | WIRED
How To Stop Your Smart TV From Spying on You | WIRED
Samy Kamkar – mapping MAC addresses
So Google Records All The Microphone Audio All The Time, After All? | Private Internet Access Blog
Experts Say Keep Amazon’s Alexa Away From Your Kids
Limited hangout – Wikipedia
Expectation of privacy – Wikipedia
Golden State Killer: DNA and GEDmatch profile led police to wrong man before suspect Joseph James DeAngelo – The Washington Post
Cartapping: How Feds Have Spied On Connected Cars For 15 Years
LocationSmart® | Location Services | Mobile Location /
Lee Gamble on Twitter: “A crashed advertisement reveals the code of the facial recognition system used by a pizza shop in Oslo…… “
New ‘Radar’ Billboards Spy on Unsuspecting Public, Then Track Them by Phone – Sputnik International
Smart meters pose personal surveillance risks, experts say – Washington Times
San Pablo Tables Plan to Expand City-Wide Surveillance System with License Plate Scanners from Company Tied to ICE | East Bay Express
Snowden Documents Indicate NSA Has Breached Deutsche Telekom – SPIEGEL ONLINE – Snowden_Documents_Indicate_NSA_Has_Breached_Deutsche_Telekom-SPIEGEL_ONLINE.pdf
Ring Doorbells carried major security glitch until recently, according to reports | JOE.ie
Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site — Krebs on Security
All the Ways Your Wi-Fi Router Can Spy on You – The Atlantic
From hackable toilets to major infrastructure, former MI5 boss warns of new terror frontier
WiGLE: Wireless Network Mapping
Service Meant to Monitor Inmates’ Calls Could Track You, Too – The New York Times
ACLU Obtains Documents Showing Amazon Is Handing Out Cheap Facial Recognition Tech To Law Enforcement | Techdirt
Why you should be worried about facial-recognition technology – CNET
San Pablo council stalls plan to add surveillance cameras citywide | Richmond Standard
Your Roomba irobot May Be Mapping Yor Home Collecting Data That Could Be Shared – The New York Times
You Are Being Tracked | American Civil Liberties Union
Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
Location Smart: OnAsset Case Study
Building a Mass Surveillance Infrastructure Out of Light Bulbs | American Civil Liberties Union
Why new phones will never come with removable batteries ever again
The NSA is mapping the internet – Tech News and Reviews – Linus Tech Tips
Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US – Motherboard
LocationSmart® | Location Services | Mobile Location /
Website leaked real-time location of most US cell phones to almost anyone | Ars Technica
Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer
Stray Wi-Fi signals could let spies see inside closed rooms | Science | AAAS
Standard form contract – Wikipedia
Presence (album) – Wikipedia
Packet analyzer – Wikipedia
JLENS – Wikipedia
Your cable operator is spying on you and selling the data from your set-top box / Boing Boing
How to Implement Geolocation Without Draining Your User’s Battery
Edward Snowden – Wikipedia
Company used by police, prisons to find any mobile device breached (again) | Ars Technica
Anatomy of a leak: how iPhones spill the ID of networks they access | Ars Technica
Your Christmas Present May Be Spying on You – ABC News
EXCLUSIVE: Senior NSA Executive: OF COURSE They’re Collecting Everyone’s Content, As Well As Metadata | Washington’s Blog
Government Surveillance Program In The Bay Area Exposed « CBS San Francisco
What If It Is Not Just Metadata the NSA is Collecting? | Breitbart
LBS_F_WP_0218 v4.ai
Roadside Assistance Collateral
Police surveillance: The US city that beat Big Brother – BBC News

Recommended Books:
The Black Box Society: The Secret Algorithms That Control Money and Information
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
Networks of Control: A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy
Your private life will suddenly explode. —Leonard Cohen “The Future”


Be seeing you.

No comments:

Post a Comment