Monday, March 23, 2015

Justification for Your Paranoia

A busy couple of weeks at work, plus no gaming in over a week means I'm pretty brain-dead right now. So this issue of  "why you should be lying online" features a couple of amusing or informative videos...enjoy!

1) A Love Song for Big Brother?
This is my new #1 favorite song. Enjoy.

2) Who owns your data?
This is the absolute core of why you should be paranoid. It's not you. Irene Ng and David Reynolds talk about privacy and ownership in the digital age in this video from PHD. Their answer for privacy is not to hide/delete your data, but rather to put you in control of your own data so it becomes an asset that you can use as currency to get goods or services out of the companies that want to abuse that data. For more information about their project, check out the Hub of All Things (HAT).

3) Library Freedom!
The Library Freedom Project is an initiative that aims to make the promise of intellectual freedom in libraries real--a partnership of librarians, technologists, attorneys, and privacy advocates to teach librarians about surveillance threats, privacy rights, and privacy-protecting tools (like TOR and Tails). 
Libraries have historically been staunch defenders of privacy, taking public stands against surveillance initiatives. Libraries offer public internet terminals, and librarians teach free computer classes to the public. But libraries tend to serve communities particularly vulnerable to surveillance (including immigrants, Muslim Americans, people of color, people who are homeless, and those who have been incarcerated) in higher numbers than in the general population. Thus, libraries are an obvious place to promote and protect online privacy and anonymity and fight against digital censorship and surveillance.
The American Library Association's code of ethics demands that library professionals "protect each library user's right to privacy and confidentiality" and the LFP is taking that very seriously. Their goal is to conduct 100 librarian trainings in two years, and build a website of resources for librarians who want to teach their communities how to protect themselves against online surveillance. These are people that definitely deserve your support.
And even for those of you who are not librarians, the LFP's privacy toolkit includes a pretty solid list of the tools that every conscientious internet user should be taking advantage of.

4) Because they really needed another way to track your phone...
"Our smartphones are always within reach and their locationis mostly the same as our location. In effect, tracking thelocation of a smartphone is practically the same as tracking thelocation of its owner. Since users generally prefer that theirlocation not be tracked by arbitrary 3rd parties, all mobile platforms consider the device’s location as sensitive information and go to considerable lengths to protect it... In this work we show that applications that want access to location data can bypass all these restrictions and covertly learn the phone’s location." -- Scary words, eh?
According to the latest research in the field of mobile operating systems, it was discovered that it is possible to track cell phones via accessing power usage log(s) or files of a device. This particular data set does not require user permission to be shared; it is already set to that status by default. This technique (created by researchers at Stanford), dubbed ‘PowerSpy’, is able to collect information regarding the Android phone’s location. It simply does that by tracking how much power was used at a certain time.
How much power is used depends on a variety of factors. For instance, the closer in proximity that the phone is to the transmitter, the less power is required to obtain signals but the further it goes from the tower, the more power it will require in order to keep itself connected. Objects such as buildings, trees and other things also have an impact on the amount of power needed from the battery, as these obstacles block the phones signals thus they are power drainers.
“A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise. We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.” “If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile. We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens,” states Yan Michalevsky, one of the researchers from Stanford.
He further stated that if a person installs an application such as Angry Birds, that requires internet but does not ask for any location permission, it will still gather information and send it back to the hacker to track the target in real time, as in what routes one has taken and where did that person drive/travel too.
But with this entire hack, there is a loophole. Experts say that is impossible to gain data if the hacker has not used the same route before.
If a phone has only a few applications running then it would be easy to track the device as the power being used by the device is more consistent, versus phones with more apps as those apps use processor and RAM randomly, ending up with a data of unpredictable power usage.
This is not the first time that Michalevsky and his gang have used weird phone parts to disclose user sensitive details. In 2014, with the help of expert cryptographer Dan Boneh, they were able to discover a means in which they were able to exploit the gyroscope sensors in a phone and fashion them into crude microphones. They did that by picking up digits spoken in to the phone, and with this they were even able to distinguish between male and female voices by the vibrations. “Whenever you grant anyone access to sensors on a device you are going to have unintended consequences,” says Professor Boneh at Stanford University.
PowerSpy is just another reminder of the danger given to us by the un-trusted applications as we allow them to access a sensor that picks up more information than it was originally allowed to...