Internet & location privacy/security
Get flash to fully experience Pearltrees
Our privacy promise The New Yorker's Strongbox is designed to let you communicate with our writers and editors with greater anonymity and security than afforded by conventional e-mail. When you visit or use our public Strongbox server, The New Yorker and our parent company, Condé Nast, will not record your I.P. address or information about your browser, computer, or operating system, nor will we embed third-party content or deliver cookies to your browser. Strongbox servers are under the physical control of The New Yorker and Condé Nast in a physically and logically segregated area at a secure data center. Strongbox servers and network share no elements in common with The New Yorker or Condé Nast infrastructure.
Share This Mobiles can be useful tools for collecting, planning, coordinating and recording activities of NGO staff and activists. But did you know that whenever your phone is on, your location is known to the network operator? Or that each phone and SIM card transmits a unique identifying code, which, unless you are very careful about how you acquire the phone and SIM, can be traced uniquely to you?
THE LEDE : The Senate Judiciary Committee will take up Sen. Al Franken’s (D-Minn.) Location Privacy Protection Act on Thursday. The bill would require companies to get a customer's consent before collecting or sharing mobile location data. “Every smart phone out there is a personal tracking device that transmits our location,” Franken said in a statement on Wednesday. “What most people don’t realize is that the law allows companies to collect and disclose our location information without our knowledge or consent – and that a lot of companies are doing just that.
<img src="http://www.wired.com/images_blogs/threatlevel/2009/12/sprint_top.jpg" alt="" width="640" height="341" /> Tracking a Sprint Nextel cellphone. Image: U.S.
Senator Mark Leno’s bill banning warrantless government searches of cell phone location information survived its first test at the California State Legislature, but it didn’t emerge unscathed. The ACLU of Northern California, a co-sponsor of the measure, told The Chronicle that the California Location Privacy Bill passed through the Public Safety Committee late Tuesday, meaning it’s headed for a full vote later this year. But Senators Curren Price Jr.
In 2008, a Reston, VA based corporation called Oceans' Edge, Inc. applied for a patent. On March, 2012 the company's application for an advanced mobile snooping technology suite was approved. The patent describes a Trojan-like program that can be secretly installed on mobile phones, allowing the attacker to monitor and record all communications incoming and outgoing, as well as manipulate the phone itself. Oceans' Edge says that the tool is particularly useful because it allows law enforcement and corporations to work around mobile phone providers when they want to surveil someone's phone and data activity. Instead of asking AT&T for a tap, in other words, the tool embeds itself inside your phone, turning your device against you.
In June 2011, Colette Giudicelli, a senator representing the Maritime Alps region of France, wrote to Claude Gueant, the French Interior Minister: Many foreign police and intelligence services use clandestine “Silent” SMS to locate suspects or missing persons. This method involves sending an SMS text message to the mobile phone of a suspect, an SMS that goes unnoticed and sends back a signal to the sender of the message. Colette Giudicelli would like to know whether this procedure has been used in France.
But as a German Green party politician, Malte Spitz, recently learned, we are already continually being tracked whether we volunteer to be or not. Cellphone companies do not typically divulge how much information they collect, so Mr. Spitz went to court to find out exactly what his cellphone company, Deutsche Telekom, knew about his whereabouts. The results were astounding. In a six-month period — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had recorded and saved his longitude and latitude coordinates more than 35,000 times. It traced him from a train on the way to Erlangen at the start through to that last night, when he was home in Berlin.
After this week's disturbing revelation that iPhones and 3G iPads keep a log of location data based on cell tower and WiFi base station triangulation, developer Magnus Eriksson set out to demonstrate that Android smartphones store the exact same type of data for its location services. While the data is harder to access for the average user, it's as trivial to access for a knowledgeable hacker or forensics expert. On Wednesday, security researchers Alasdair Allan and Pete Warden revealed their findings that 3G-capable iOS devices keep a database of location data based on cell tower triangulation and WiFi basestation proximity in a file called "consolidated.db." The iPhone, as well as 3G-equipped iPads, generate this cache even if you don't explicitly use location-based services.
Nick Merrill, who challenged a demand from the FBI for user data, wants to create the world's first Internet provider designed to be surveillance-resistant. (Credit: Sarah Tew/CNET) Nicholas Merrill is planning to revolutionize online privacy with a concept as simple as it is ingenious: a telecommunications provider designed from its inception to shield its customers from surveillance. Merrill, 39, who previously ran a New York-based Internet provider, told CNET that he's raising funds to launch a national "non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption" that will sell mobile phone service and, for as little as $20 a month, Internet connectivity.
Brad Stone at the New York Times reports on an industry group working on a new platform for portable digital movie downloads: The [ Digital Entertainment Content Ecosystem or DECE] is setting out to create a common digital standard that would let consumers buy or rent a digital video once and then play it on any device... Under the proposed system, proof of digital purchases would be stored online in a so-called rights locker, and consumers would be permitted to play the movies they bought or rented on any DECE-compatible device. [DECE is] selecting Neustar , a company based in Sterling, Va., to create the online hub that will store records of people’s digital purchases , with their permission. Most consumers have likely never heard of Neustar , yet the firm plays an important role in the telecommunications industry, and has built a highly profitable business faciliating the disclosure of information regarding consumers' communications to law enforcement and intelligence agencies.
The UltraViolet licensing programme for media, technology and service providers has now opened. Later this year, consumers in the United States will be able to purchase movies and television shows with UltraViolet rights. The technical specifications include a common file format for downloads, designed to work with multiple digital rights management systems. The centralized UltraViolet license broker will be developed and operated by Neustar, a directory and registry operator for telephony and internet services.
A security researcher has posted a video detailing hidden software installed on smart phones that logs numerous details about users' activities. In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software – known as Carrier IQ – logs every text message, Google search and phone number typed on a wide variety of smart phones - including HTC, Blackberry, Nokia* and others - and reports them to the mobile phone carrier. The application, which is labeled on Eckhart’s HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "HTTPS," Eckhart said. The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video. "Why is this not opt-in and why is it so hard to fully remove?"
<img class="alignnone size-large wp-image-33998" title="image002" src="http://www.wired.com/images_blogs/threatlevel/2011/12/image002-660x402.jpg" alt="" width="660" height="402" /> MOUNTAIN VIEW, California — An embattled phone-monitoring software maker said Friday that its wares, secretly installed on some 150 million phones, have the capacity to log web usage, and to chronicle where and when and to what numbers calls and text messages were sent and received. The Carrier IQ executives, speaking at their nondescript headquarters in a residential neighborhood in the heart of Silicon Valley, told Wired that the data they vacuum to their servers from handsets is vast — as the software also monitors app deployment, battery life, phone CPU output and data and cell-site connectivity, among other things. But, they said, they are not logging every keystroke as a prominent critic suggested.
Since the beginning of the media frenzy over CarrierIQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous. I have also stated that to satisfy users, it’s important that there be increased visibility into what data is actually being collected on these devices. This post represents my findings on how CarrierIQ works, and what data it is capable of collecting. There has been a lot of misinformation about which parties are responsible for which aspects of data collection. At a high level, CarrierIQ is a piece of software installed on phones that accepts pieces of information known as metrics . On receiving a submitted metric, CIQ evaluates whether that metric is “interesting” based on the current profile installed on the device.
Security, Censorship, & Internet
social networking: privacy/security
oim & tracking