Thursday, August 26, 2010

Privacy? What Privacy?

People Spying On You Using Your Own Electronics
by Paul Meyers of TalkBiz Digital

Cells phones, cam-corders, etc. This is scary so be sure to be sitting down.

Let's start with the least intrusive, and work up to stuff you may not believe is happening.

The last few are downright creepy.
 ....

There's a thing called "IP geolocation," which uses a database of IPs (numbers locating your computer on the network) and  physical areas to show where a computer is located. There are a  bunch of these, and the accuracy can be anything from very close to wildly off the mark. The good ones can narrow it down  to a few blocks, in most cases. Sometimes to a specific  building.

You can see this most often when you notice an ad on a site  that's used by people all over the world, but mentions your  city by name. "[YourCity] mom discovers..." or "Man in  [Hometown] loses 47 pounds using..." That's IP geolocation in its mildest form.

 Twitter has offered the option for a while to attach your IP address to a tweet, basically trying to tell people where you  are. You have to opt into that, though. It's turned off by  default.

Facebook's new "Places" settings options enable a more  advanced function by default. The idea is to make it easy for your friends to know where you are. Unfortunately, it also makes it easy for people you might not want to share your location with to find you. Or know when you're not home...

It's easy to disable this option, if you know it's there and what it's called. John Williams sent me a link to the instructions. You can read those here:
http://lifehacker.com/5616395/how-to-disable-facebook-places

 Why would this matter?

 Well, maybe you don't want your friends to know where you are  every minute that you're online. Or maybe you don't want world+dog knowing when you're not home. Or maybe you don't want your employer knowing you're logging onto Facebook from work.  Or from the park when you called in sick.

 Just how much info should be distributed about you automatically?

 But wait... There's more!
 ....
There are applications on some portable devices and phones that can transmit the data from a GPS system to other sites. This  can be used to pinpoint your exact address, and your location to within a few feet.

That's how the "Places" function on Facebook works. And, with the default settings, your Facebook "friends" can "check you  in" if they're with you. Handy, if you're careful about who your "friends" are, and who you allow to share the info. Given the default settings, though, it's an announcement to the world  every
time you log in from a mobile device.

That can get into the realm of the dangerous. With it set to  "Friends of friends" able to view the info, you could be  broadcasting your location to burglars, stalkers, ex- employees, your employer, or even just that annoying person you'd rather not see right now.

Given recent comments from CEOs Mark Zuckerberg (Facebook - "Privacy is dead") and Eric Schmidt (Google - "If you have  something that you don't want anyone to know, maybe you  shouldn't be doing it in the first place"), there is every  reason to believe these services will be used as aggressively  as possible.

Both companies have said the comments were taken out of context. That could be easily believed of Zuckerberg's remark.

Schmidt's is a bit less dismissable. None of that matters,  though, when you look at the way their firms actually treat their users' private data. Facebook set this option to "On" by  default. Google initially opted every Gmail user into their  social networking platform, Buzz, and created significant and  foreseeable problems
for some users.

I'm pretty sure I don't want those sorts of decisions made for me without my knowledge or consent. How about you?

 And it gets (potentially) much, much worse.
 ....
Apple has applied for a patent that has some deeply disturbing implications:
http://www.commondreams.org/view/2010/08/24-0

The summary: They want a patent on software that, in mobile devices, would let them listen to your conversations and/or take pictures of you or your surroundings, without any way for you to know it's happening. Just remotely activate those  functions, at their own discretion.

It would also let them monitor biometric data and all of your online activities while using their devices.

Ostensibly, this would be developed for purposes of preventing theft, or catching thieves. It's even been suggested to me that Apple may want the patent to keep the idea from being used by others.

 I don't buy it. But that doesn't really matter.

First, it's nearly certain that, if this technology is deployed and not made illegal for use by private citizens, it will be abused. The theft-prevention rationale was offered, for example, by the Lower Merion school district,
in their program giving laptops to every high-school student. "Only to enable recovery in event of theft," they said. That didn't stop people at the school from using it to spy on students in their homes.

 Yeah. Really.

One kid was disciplined for "improper behavior" that occurred  at home, in his bedroom. The Vice-Principal used a photo taken using the webcam in the laptop as his evidence. According to a forensic analysis commissioned by the district, the school took 66,503 screenshots and photos using these systems.
The school admits these include pictures of the kids in their bedrooms.

If teachers will do that, what would a corporation do?
 ....
So, if you have one of these portable devices, where do you use  it? In what situations do you simply carry a cell phone, iPad or other portable computing device? Do you want people able to spy on you in all those places, at any time, without warning?

It's been suggested to me that there is prior art that might  cause the USPTO to reject such a patent application, or be used  later to invalidate it if granted. That raises other challenges. Specifically, anyone at all could include it in their systems.

Google has a cell phone OS. Just how much do you want them to add to their collection of data on you?

Then there's the "social networking" phone, which is designed specifically for use with Facebook and Twitter. Do you want your kids to have one of those broadcasting their location to the world at every moment the phone is on?

This isn't science fiction, folks. We're not getting into foil fedora territory here.
This stuff is real.
 ....
And then there are the outright criminals.

There is already malware code in the wild that lets remote  operators turn on the webcam on infected computers. That's not a big deal if you use a desktop machine and don't keep one  connected, or disconnect it when you don't intend to use it.

But what about the laptops and netbooks, and even some  monitors, that are sold with a camera and microphone installed in the machine itself? The last two portables that I got have them. Where do you, or your kids or employees, use laptops?

This isn't especially difficult stuff to do. And the market isn't restricted to criminals. For instance, on the first related search I did, I found someone asking how to remotely activate the webcam on his wife's laptop without her knowing.

Some of these devices come with GPS systems installed. Anyone who can access those will know exactly where you are, what you're doing or discussing, and with whom.

Anyone want to market sound-proof phone carriers, with built- in Faraday cages?
A month ago, I would have considered that a ridiculous idea. Now, I'm thinking it's a niche.
 ....
Electronic security isn't just about data protection any more, folks. It's gotten very personal, and it's about to get more so.

You can take steps to reduce your exposure to this kind of invasion of privacy. First, make sure you have proper security software on all your computers. That's good policy anyway,  so that's not too extreme.

With the social networking sites, it's a matter of watching your preferences. Also just common sense. And easy.

Don't leave external webcams attached when they're not in use,  if you have any objection to what you do in the same room with them being seen by someone else. Using a USB hub makes disconnecting them easy, and it's a reasonable precaution, with the amount of trojans running loose online.

With laptops and netbooks, just be aware that this stuff is possible, and take whatever precautions you may feel are  appropriate. That might be nothing at all, for many of you. It could mean turning the thing off when it's not in active use.Or putting tape over the camera lens. Or, if you have the need or desire to be
especially cautious, having a physical switch installed to prevent remote activation of the camera or microphone.

I can't begin to guess what level of security will work for you. Some people won't consider it an issue at all, and they may well be right. For them. For others, these are real concerns. It's getting very easy to install this kind of monitoring code, and there are too many people with incentives to do it. Employers, co-workers,
competition, family members,  and various less savory types. Brings new meaning to the word  "spyware," yes?

 Make sure your kids are aware of the potential issues, too.
 ....
I'm told that law enforcement agencies have had the ability to turn on cell phones remotely as listening devices for a while now, with a proper warrant. I consider that a very different thing than random strangers being able to access these kinds of info at will.

As of this moment, I am not aware of this being a problem for cell phones and similar portable devices. Just keep this in  mind, and pay attention for it.

Whether Apple gets that patent or not, it's coming.
 ....
If it's installed or used by any corporation, I have a suggestion that seems appropriate: The top officers and all members of the board(s) of directors should be required to  carry one of the devices with them at all times, with the audio and video enabled 24/7, and streaming to the web for the whole world to view.

 Hey, if we don't get to decide what we can keep private, why should they?
 ....
The idea here isn't to scare you, or create some sort of conspiracy buzz. If that was the goal, I'd point you to an even more extreme, and equally current, example of invasive observation: http://talkbiz.com/r/iris.php

As you can see, this stuff is real. The technology exists right now, and most of it is already in use. It may not pose much of a threat to many of us, but it's something to be aware of and to watch out for.

Knowing it's possible is 90% of the battle.

Be careful out there.
Copied from newsletter by
Paul Meyers

If you go to Paul's site be sure to sign up for his newsletter. As a gift for joining his 12 year old list he will give you for FREE his e-book, "Need To Know". It is worth signing up for the newsletter to get the e-book.