Recent Comments



March 5, 2015 11:49 PM

65535 on Now Corporate Drones are Spying on Cell Phones:

@ Wael

It appears that a thick metal boiling pot [about .25 inch thick] with heavy metal lid [not exactly sure of alloy – iron but feels lighter] works to totally stop cell phone signals. Once inside the pot no cell phones ring.

I did ground the pot via an electrical outlet ground and wire clip. I am not sure if the ground is needed. I also used a ceramic dish to hold the phones in bottom of pot.

It is not the most eye catching or high-tech device but it seems to work.

March 5, 2015 10:21 PM

WalksWithCrows on The Democratization of Cyberattack:

Correction: " Also means the shows like the game, spooks, worricker, tinker tailor were all presented not entirely realistically & faithfully."

@Sancho_P

Of course I can’t tell for all foreign - foreigners (= not Five Eyes), but although we have quite some conspiracists here I feel the average simply found the USG with their pants down.
Believing in a super_bright_global_brain behind is impossible when watching the POTUS and his goats on a nearly daily basis, sorry.
We have similar “corrupticos” at the top, as we always had, that’s not new to us.

(-: ... heheheh....

Yes, will, I just add I really hesitated before putting "allies" in there. Not because the consideration would not come to their mind. Because of the way experience would have wired their brain, it would. But they would be unlikely to pursue the matter or discuss it because of the fact that it would be meaningless to them to do so. Partly, that is because critical or not, there is trust there. And that trust is founded on strong reasoning.

To frenemies... chess playing Russians & go playing Chinese... they might be pursuing that very angle. Not sure how alienating it might be for them to do so. I would not be surprised if they did not have very small teams dedicated just to that.

While many more and much larger teams would be busy chasing down the leads which all that thrown out intelligence gave them. Probably, they have found very many key, compromised routers, computer systems, and handsets... as well as who knows what other many types of compromises.

Well substantiating all of that information as being destructive to the five eyes cause and so substantiating the value and plausibility of it.



However, you are right about the real danger, biased mainstream media - and their manipulating the mainstream people.

Thank you.


@Skeptical

@Walks: The "Kill the Messenger" scenario ...
Hold on. That's certainly not what I'm doing.


LOL!

I'd rather a journalist inform me of facts and allow me to make up my own mind concerning their implications for social reform.

I am not aware of any inaccuracies in his work. Bruce Schneier actually acted as a technical consultant for him on this.

I do think, when dealing with people who are passionate according to one political way or another, it is important to counter that information - regardless of how persuasive - with contrary opinions of weightiness.

I do believe the disclosures were real and substantial. There is considerable evidence to that effect. Stating otherwise might be implying all or some of the disclosures of the past few years were intentional disinformation efforts with a primary focus of operating as a distraction.

That is not ethical to suggest, unless you are very confident of the irrelevancy or preposterousness of the possibility. If your argument is... it is: unintentional disinformation and unintentional distraction... then that puts into question, still, everything. And one might begin to consider that many of the projects disclosed were downright preposterous to begin with.

In fact, it would all be effectively quite a big joke for some, who would be laughing considerably at so deeply outsmarting their adversaries.

Nothing could be further from the truth. Clearly.

March 5, 2015 10:18 PM

Nick P on Friday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other:

@ Wael

Haha. It's the castle metaphor and comparison to prison I don't like in the metaphor/model/framework. Most tech I reference have attributes of both. His prison metaphor applies to his architecture pretty well, though. Plus, that's what he named it.

March 5, 2015 10:03 PM

amazombie on Friday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other:

Sew together a hippo and gator for a hippogator. It has two mouths and eats lots. It's like big government, it's always mad. Why's it always mad? It never craps. Change the political party symbols. Elephant retired and there are lots of hippo critical people.

March 5, 2015 9:15 PM

65535 on Now Corporate Drones are Spying on Cell Phones:

@ Georg Kokte

“If I'm reading the article correctly, turning off wifi and gps will not be enough, as they'll the cellphone towers themselves to locate the device. What we'll need is a cellphone cover that acts a faraday cage. (I'd totally buy that, btw)” - Georg Kokte

As others have said there are not real laws against a foreign company collecting American cell phone data and selling to an unknown amount of international buyers. That is troubling.

I was thinking along the same lines as you to block cell phone transmissions while cell phones are on my property.

This would include all the kids that visit with their shiny new iphones. These kids tend to photograph everything.

I tried a stainless steel pot to conduct an RF blocking experiment. If you have any suggestions let me know. Below are the results:

[question]

“How thick should a low cost stainless steel cooking pot be to stop a mobile phone signal?” …The main idea of my experiment to find a low cost [cell phone] signal blocking item [cheap common item]. A pot seemed like a good idea – plus it conceals well with other pots. I am planning to institute a 'no-cell phone' policy at my place…the mic and camera on most cell phones can be turned on any time – which is not real privacy” -65535

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688271

[answers]

“The signal didn't penetrate the steel. It went through some "hole". Try the experiment with this variation: get your stainless steel pot, put a small non metallic plate inside it, put your cell phone on top of the plate, then get a piece of aluminum foil and cover the top of the pot with it. Make sure the aluminum foil isn't leaving any gaps and touching the rim of the pot everywhere.”- Wael

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688275

“You got to ground the pot.” -Herman

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688325

[and]

“Part of the problem is that aluminum isn't the best conductor of electricity. Copper is normally used for thin shielding enclosures.” –Wael

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688328

"The first is the sensitivity of the phone's receiver, it almost certainly gets down to -90dBm and may be down past -120dBm when you take the inbuilt antenna design into account. A single layer of foil or aluminium is probably only good for between 20-70dB attenuation of the E field depending on the care of construction. Just "folding" aluminium foil around the phone which works in the low microwave bands is going to be nearer 20dB attenuation not 70dB of the E field thus if you are testing in an urban environment you are probably too close to the cell mast for the attenuation to be sufficient. This is why most RF cages have two carefully constructed layers separated by a reasonable quality insulator" - Clive

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688318

And, yes the idea of removing the battery is good as is the somewhat expensive RF shield bag.

March 5, 2015 7:55 PM

amazombie on The Democratization of Cyberattack:

Cheap secure burner phones can have explosives detection too.

"Initiated by the University of Tokyo and with Microsoft Research contributing to the concept, Georgia Tech took the reins of the project building on its materials and circuit design expertise previously seen in the creation of paper-based sensors for explosives. The team was able to print ink-based circuits in as little as 60 seconds." http://www.gizmag.com/georgia-tech-inkjet-printable-circuits/29731/

In the environment of billion dollar budgets and trillion dollar debts and insecure tools it would be revolutionary. It might save money which saves lives. They're losing both. It's all our fault for wanting secure devices. You could have the phones call in if explosives are detected. Status quo is burn the user and bill the plastic.

In a standard privacy policy, the section describing when your information will be shared with third parties is often buried in a primary heading three-quarters of the way down. Typically, there are four reasons that your privacy rights may be breached:

Responding to legal action
Public safety
Enforcing terms of use
Dealing with fraud, security problems, or technical issues
http://info.burnnote.com/
Fifth reason? They need more resources and your goods can be taken and sold to fund more security operations and make jobs for people with an interest in the advanced auction of stolen goods which is the election. This will expand the corruption and fund more Detroit style progress. Too much democracy is like too many fifths of bourbon. Fraud, security problems, or technical issues covers everybody and with fewer deals these days that auction of stolen goods looks like an option in a land of fewer other options. You're on your own.

New simplified privacy policy: YOU HAVE NONE!
“Public safety” is the reason that concerns us. As well it should. Trade some temporary safety for liberty and end up with neither safety or liberty. What else is new?

March 5, 2015 6:53 PM

Nick P on The Democratization of Cyberattack:

@ Skeptical

"It's very hard not to interpret that as a threat."

I interpret it as self-defense against a police state acting on vendetta. They grabbed a guy unrelated to the crime, interrogated/held him for 9 hours, and his husband threatened a damaging response. The problem I'm seeing is how U.K. government behaved. I'm surprised stunts like that haven't had more negative consequences. That applies to U.S. (esp FBI) too.

Short version: going after people's families can result in retribution or even make them act crazy. Best not to do that.

March 5, 2015 6:49 PM

amazombie on The Democratization of Cyberattack:

Printable Circuits for Novice Hackers - Gizmag | New...
www.gizmag.com › … › Prototype › Silver Ink
Nov 10, 2013 · Print on paper and if your design goes up in smoke, the entire PCP (Printed Circuit Paper) goes up in smoke, and probably flames, with it. What would be ... We should be able to make burner phones as cheap as the disposable cameras. Cheaper with higher volume sales. Make circuit a one-time pad, use a few times and toss in the fire. Shred it and drop in recycling box or shred and burn. Carry a PDA unconnected and a YODA burner.

March 5, 2015 6:39 PM

Nick P on Friday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other:

@ MikeA

Well, that makes sense. JITs present a more complex situation than most. Typed assembly languages and proof-carrying code seem to have the most promise for that.

re branch targets

That's an interesting idea. The processor might check upon a branch instruction if the target is a permissible jump. Not sure if this is safe as the jump can come from an arbitrary source with arbitrary data. They might jump to a critical part of the app or kernel. Code vs data tagging seems more cost-efficient for now.

" I fondly recall the CDC 6x00 and 7x00, particularly the notion that the CPU was a "brain in a bucket" whose memory mapping and I/O was completely under the control of a supervisory processor. "

@ Clive Robinson

The above sounds a bit like your Prison architecture concept. Seems like CDC was going that route a long time ago. Abandoned for efficiency as with most good security architecture.

March 5, 2015 6:17 PM

Dirk Praet on Filming the Police:

@ Marcus Schuller

You may go making that silly quote about trading freedom for security, but that's the mark of immaturity.

You call quoting Benjamin Franklin a mark of immaturity? I beg your pardon?

People need to grow up, put away their phones, and obey the orders of officers, when they tell them not to film.

No, Marcus, they should do no such thing, and for the very simple reason that officers asking people to do so - and with the exceptions I explained in my previous post - is a violation of their constitutional rights as formally upheld by the courts of your country. Full stop.

If you are not happy with this, try to get a formal case all the way up to SCOTUS or write your local congressman to have the constitution amended. The simple alternative is moving to Russia, China or the DPRK, where the situation on the ground seems to be much more in sync with your feelings on the issue.

@ Re:Dirk

Constitution read up

Thanks for that.

March 5, 2015 6:17 PM

Skeptical on The Democratization of Cyberattack:


@Dirk: It stands to reason that said officials will have commented on the proposed articles, but it is impossible for them to have explained or "corrected" any interpretations of these documents - even off the record - for the simple reason that they can't. Unless documents in question have been declassified or the journalist/editor in chief has been given a security clearance at the appropriate level, they are not allowed to discuss them.

In fact at least one journalist (a well-respected, very careful journalist at that) has noted that he was readying a story for publication when he was shown that he had misinterpreted the documents used by such a magnitude that he simply killed the story. I'd be happy to provide a citation if you'd like.

As to your reason for thinking this impossible, the USG can determine whether, and what, information - classified or not - to disclose to a journalist in the course of a discussion about stories like these. It'll certainly be limited, and there's plenty that they absolutely won't discuss. The extent to which they do will depend on the circumstances of the individual story - who the journalist is, who the publisher is, what the story is about, what the consequences are if the story is published without additional input from the government, etc.

Sometimes the disclosure is to persuade the journalist not to publish a story. An example might be a story about a kidnapped person's affiliations with the USG. Sometimes the disclosure is to defuse a false story before it is published, especially if refuting it after publication might be difficult for the USG to do without causing additional damage. Sometimes... etc.

There are going to be a lot of variables that affect that type of decision - but those decisions do happen, clearly.

@Walks: The "Kill the Messenger" scenario ...

Hold on. That's certainly not what I'm doing.

... Point being: major, respected American media outlets are deeply biased. Does not mean they may be devoid of any manner of journalistic ethics & professionalism. Because, after all, there are plenty of stories they do not and will not report on, often because they are too dangerous, too important to do so. Their audience, after all, wants to hear what their itching ears long to hear. That, is where the bias comes in and stays at.

To different degrees, every person carries certain biases. That's unavoidable. But the difference in degree matters. There is a great difference between a capable journalist that strives to deliver to me relevant facts and background about a subject in a way that minimizes the biases of the journalist, and a capable activist that strives to deliver to me a brief persuading me of his case.

The journalist might care most about getting his facts correct. The activist might care most that I derive the "right" message from his brief.

There's an important place for both of them in a democratic society. But it's wrongheaded to think of good journalists as simply persons with different biases than those who are openly activists.

... the bias of the moderates. That is the particularly blinding bias. That is the sort of bias which makes major social change truly difficult to gather steam.

I'd rather a journalist inform me of facts and allow me to make up my own mind concerning their implications for social reform.

There are plenty of folks with political opinions and policies to push. It's much harder to find truly good reporting by someone adequately supported by an institution that cares most about getting the facts right, regardless of what cause or what side those facts happen to support.

Good opinions and good arguments are important. But so is good journalism and good information.

@QnJ1: Citation needed.

Here's the video: http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10253544/Glenn-Greenwald-threatens-UK-after-partners-Heathrow-detention.html

It's very hard not to interpret that as a threat.

And then there's the even less ambiguous, ill-advised threat he made regarding the consequences for the US should it assassinate Snowden. While the notion of the US killing Snowden is absurd - truly, seriously, bad Hollywood movie levels of absurd - it's also clear that Greenwald meant what he said to be taken seriously.

So the level of confidence that the USG has that it can go to Greenwald and have a straightforward discussion may be, understandably, on the low side. Greenwald would argue, no doubt, that this makes him less corrupted and less biased towards the government. But in fact it simply makes him less informed when he writes his stories. That should lead him to be more careful in his writing, but he's clearly a passionate guy who writes as he thinks. Unfortunately he has some deeply held assumptions about the USG as a whole that drive his analysis, and those assumptions frequently fail to capture the reality.

All that said, I actually respect the authenticity of the passion behind his work. I think it comes from a good place, that the intentions are good, that the ultimate ends intended are good. It's in part what distinguishes him from a lesser hack who is simply reading talking points for his cause, or faction, or party.

March 5, 2015 5:31 PM

Sancho_P on The Democratization of Cyberattack:

@ Rolf Weber (5, 01:40 AM)

Look, this is exactly why most of us ordinary people are furious when thinking about secret, global surveillance:

The stolen (“collected”) data is (was) taken out of context.

But in contrast to the work of criminals these Power Points were brought to the public light by Ed Snowden and “highly biased journalists” [1].

What you call “crap” was from the NSA, interpreted by their own silence.

An honest and innocent USG reaction would have been:
- to accept the breach (sigh)
- come forward to discuss and explain, document by document, in public.
This could have completely restored trust, confirmed American ideals (+ corrected some misbehavior) and sent Snowden, Greenwald, Poitras, … publicly to the desert.

- Could, if the USG were mostly innocent (and wise).

But from their reaction the whole world knew immediately they were mostly guilty.
An undiplomatic plutocracy, gracefully dancing like a rhino.
Bloody cowards, too.

The horror wasn’t the breach, it was the USG (and America’s public) reaction.


@ WalksWithCrows (5, 01:49 PM)

“They would find themselves unable to dismiss the thought that maybe - all of this - has simply been a very complicated and sophisticated ruse of the government's counterintelligence department.”

Of course I can’t tell for all foreign - foreigners (= not Five Eyes), but although we have quite some conspiracists here I feel the average simply found the USG with their pants down.
Believing in a super_bright_global_brain behind is impossible when watching the POTUS and his goats on a nearly daily basis, sorry.
We have similar “corrupticos” at the top, as we always had, that’s not new to us.

However, you are right about the real danger, biased mainstream media - and their manipulating the mainstream people.


[1]
“highly biased journalists” only because mainstream media wasn’t an option, sadly.

March 5, 2015 5:26 PM

amazombie on Now Corporate Drones are Spying on Cell Phones:

It doesn't use oil http://en.wikipedia.org/wiki/File:Dummy_S-300_vehicles.jpg
so that's more oil for boiling corrupt leaders in. Meanwhile we're being invaded by real stuff and it flies. It's all for ads and ads for all. People are trapped for 20 hours on the highways living in cars. You might as well make inflatable plow trucks because the real ones aren't solving the problem. We have five eyes phones. Can we get a hot pizza drone out to the motorists?

March 5, 2015 5:17 PM

Sancho_P on The Democratization of Cyberattack:

@ Skeptical (04, 04:17 PM)

I fall in awe as you seem to find sense in Mr. Rogers' evasive rhetoric, you must be experienced in dealing with such airheads.
I really don’t know if he wanted to say anything, obviously he couldn’t.

So it would be only fair to call you “Admiral” Skeptical (from admire, not the Rogers-butterfly).

“But it's very hard for me to understand … why the very possibility of a system should be dismissed at the outset as something obviously impossible, like a square circle.”

The reason simply is no one has defined “a system” to be approved or dismissed [1].
We even don’t know what “they” really mean because asking for a framework and expressing hope to solve problems is just the boss talk we hear every day - so we understand a square circle, and that’s not possible.

Why-oh-why, Mr. Rogers, didn’t you send one of your experts to the stage?
It’s not a shame to be blank, but to be blank + talk is.

As I wrote above, whatever “framework” is thought of, some will bypass it.
As a result we would waste billions to stalk innocents and all the real terrorists, banksters, drugsters, gangsters and Sanchos would slip through.

Nope, it’s not a big discussion, it’s nonsense, don’t crack your head about.

[1]
Well, Nick P made an impressive attempt to explain “something” I think he knows himself to be impractical, but be it more the square or the circle, the basic question isn’t a technical one.
—> The haystack isn’t the target, it’s the needle.

March 5, 2015 5:09 PM

Anon on Now Corporate Drones are Spying on Cell Phones:

Mr. Schneier,

Is there any chance that the Potomac Mills B&N appearance will be rescheduled for Friday? I was (still am) hoping to see you there.

Safe travels in the snow!

March 5, 2015 4:42 PM

amazombie on The Democratization of Cyberattack:

The Democratization of Cyberattack
Agin it is backwards in Russia. They have Cyberization of Demoattack. Can send sale agent to run demo of superior Russian defense gear. Cops in Moscow can save people from jumping off bridge by shooting them. Turn off cameras first and block with snowplow. State of murder. Oil's cheap, so boil all the leaders in it.

March 5, 2015 4:32 PM

Benni on Friday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other:

BND tries to hide secret files from the German parliament:
http://www.spiegel.de/politik/deutschland/nsa-ausschuss-bnd-muss-wegen-akten-panne-nachsitzen-a-1022012.html

Without success of course, since this is a BND operation. They gave massive amounts of bulk data to NSA and that is now out:
https://netzpolitik.org/2015/live-blog-aus-dem-geheimdienst-untersuchungsausschuss-dr-urmann-leiter-der-technischen-aufklaerung-des-bnd/

and they capture more than just their allowed 20 % of all communications, they do a full take:
https://netzpolitik.org/2015/geheimer-pruefbericht-wie-der-bnd-die-gesetzlich-vorgeschriebene-20-prozent-regel-hintertreibt/

At BND's new building, somebody has opened the water faucets... And now the entire building is underwater, especially the places where they wanted to put their cables and wires.... (with underwater cables, BND has much experience anyway)

http://www.spiegel.de/politik/deutschland/bnd-neubau-in-berlin-unter-wasser-gesetzt-a-1021774.html

New Zealand is also doing a full take on some Pacific islands, whatever that is for:

https://firstlook.org/theintercept/2015/03/04/new-zealand-gcsb-surveillance-waihopai-xkeyscore/

Ever send something with Germany's no. 1 postal delivery service DHL? A politician tried to send his NSA tapped smartphone with DHL to the office for security in information systems after he found out that he was bugged. The package was interdicted and opened before it reached its destination of course:

http://www.welt.de/politik/deutschland/article138039430/Spionageverdacht-im-Geheimdienst-Ausschuss.html

March 5, 2015 4:29 PM

amazombie on Google Backs Away from Default Lollipop Encryption:

Described as smaller than the U.S. Air Force Northrop B-2 Spirit stealth bomber, the Russian T ... is "superior" to U.S. systems. "The Russian ... Russian-made nuclear ...Again, best you have is Hawk that superior Russian shoot down like commercial jet out in Ukraine. Russian have the Thunder. Russia delivered its first shipment of Iskander missiles to Syria. The superior Iskander can deliver barrel bomb with laser precision into apartment house from 200 km and send report with dictator feature in Pandroid smart phone network.

You have five eyes amadroid phone and big joke kitkat android. Did that come with hemorrhoid plan too?

March 5, 2015 4:25 PM

DB on Now Corporate Drones are Spying on Cell Phones:

lol... ok... so now everyone that walks past certain coffee shops might get drones following them around all day spying on where they go and what they do so they can be "properly" (i.e. targeted) advertised to next time they happen by the shop? But don't worry, nothing's personally identifiable... lol... right.

March 5, 2015 4:06 PM

amazombie on The Democratization of Cyberattack:

The Iranians are also planning to introduce locally developed radars to replace a series of aging Russian-made systems ... superior to the US-made Hawk missile ...
This work with remote 'secure' Putin phone of grand future. Top of line engineering by Chinese state software partner who borrow Apple design and make better with chemistry. We will bury you! Look like another 3-5 inches, so God's gonna beat you to it, according to Doppler. We have amadroid phone with five eyes!

March 5, 2015 4:01 PM

WalksWithCrows on The Democratization of Cyberattack:

@Clive Robinson

Apparently, whilst women represent 50% or more of UK government departments, when it comes to Intelligence Officers it's over 2/3rds male....step forward your country needs you to be a new Mata Hari / Bond Girl ;-)

That is positively shameful. Also means the shows like the game, spooks, worricker, tinker tailor were all presented entirely realistically & faithfully. But, noooo, it is still an old boys network. And the 70s especially so, if still today. Shame on you brits.

March 5, 2015 3:49 PM

WalksWithCrows on The Democratization of Cyberattack:

@gordo

In the meantime, and, slightly tongue-in-cheek, as another story has it...

...burgeoning technologies require outlaw zones...Night City wasn’t there for its inhabitants, but as a deliberately unsupervised playground for technology itself. (Gibson 11)

:-) Well, it is *fun* for the inhabitants, I am sure.

If your work is not fun, then what, really is the meaning of it all? Life. And all that?

March 5, 2015 3:37 PM

amazombie on The Democratization of Cyberattack:

Putin-backed startup aims to sell 1M smartphones this year

It's going to be with two screens. This will run Pandroid, which is superior Russian made system and made with old recycled tin pans from Ukraine so it has green and all you imperialist pig have is greed and plastik phone from your master in Silicon Valley.

March 5, 2015 3:06 PM

amazombie on Now Corporate Drones are Spying on Cell Phones:

"Everything I did in my life that was worthwhile, I caught hell for." - Earl Warren

War is war and hell is hell and war is a lot worse. And also corporate.

March 5, 2015 2:56 PM

Nick P on The Democratization of Cyberattack:

@ amazombie

Zack's post is one-sided, misses huge parts of the discussion (esp Indian police corruption), is likely disinformation on Chinese part (unintentional), and way off on Blackberry being secure. I give full details here in my reply to him. I emailed it as a Pastebin due to comments being closed and a web app for contacting him.

March 5, 2015 2:35 PM

WalksWithCrows on Now Corporate Drones are Spying on Cell Phones:

"Minority Report" stuff (and is tech in many other sci-fi stories, made cinema, or otherwise). The way I had heard this was being implemented is simply in commercial, standalone advertisements. Such as the sort of standalone signs one typically walks by, though as it is expensive enough & small enough it can really go on just about any manner of poster.

Normally, Adnear collects these mobile signals on bikes, cars, trains, and, on occasion, stairs. It conducts this ground-based collection so it can readily map the strength of the signals against the nearby towers or Wi-Fi hotspots. Drones, of course, offer better coverage than ground-based methods, and can be used in areas inaccessible by vehicles or foot.

Trains, public transportation signs would be able to hold more sophisticated technology, though, of course, this tech could also be hidden in a variety of places where there is massive traffic flow (of cars or people).

Where this is useful because: everyday signs and such are much more easily broken into to scavenge the tech, physically. More proprietary and sophisticated systems you probably want to make much less physically accessible.

Great systems for burst sending & receiving, too. Quite a bit can be sent or received if using tech like forward error compression, in distributed, physical networks. Where, if data sent or received is incomplete, does not matter as long as the roads and walkways have enough nodes along enough potential pathways.

March 5, 2015 2:35 PM

Anura on Google Backs Away from Default Lollipop Encryption:

@amazombie

Without a secure hardware storage solution, your key is stored in a file that is protected by the pin, which is trivial to crack for most pins - a 6-digit pin is easily doable in under a day on a computer with a single CPU core and no specialized software. Most people have very weak security (pin or pattern, the latter being even less secure than a 6-digit pin), because typing a strong password on a phone to unlock it is inconvenient.
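
The keyspace comparison in the comment above, worked through as an added example (not part of the original comment): it counts the valid 3x3 unlock patterns and sizes an exhaustive offline search against each secret type. The KDF (PBKDF2-HMAC-SHA256), its iteration count and the salt are assumptions made for the demo, not the scheme of any particular phone.

```python
"""Keyspace sizing for screen-lock secrets that protect an on-disk key.

Added illustration. PBKDF2-HMAC-SHA256 and the iteration count are assumed
for the demo; they are not taken from any specific device.
"""
import hashlib
import time

GRID = 3  # 3x3 unlock-pattern grid, dots numbered 0..8 row by row


def _jumped_dot(a, b):
    """Return the dot lying exactly between a and b, or None if there is none."""
    ra, ca = divmod(a, GRID)
    rb, cb = divmod(b, GRID)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * GRID + (ca + cb) // 2
    return None


def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns: no dot is reused, and a stroke may pass
    over an intermediate dot only if that dot is already in the pattern."""
    def walk(cur, visited, length):
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(GRID * GRID):
            if visited & (1 << nxt):
                continue
            mid = _jumped_dot(cur, nxt)
            if mid is not None and not visited & (1 << mid):
                continue
            total += walk(nxt, visited | (1 << nxt), length + 1)
        return total
    return sum(walk(s, 1 << s, 1) for s in range(GRID * GRID))


def keyspaces():
    """Number of candidates per secret type."""
    return {
        "4-digit PIN": 10 ** 4,
        "unlock pattern (4-9 dots)": count_patterns(),
        "6-digit PIN": 10 ** 6,
        "10-char [a-z0-9] password": 36 ** 10,
    }


def seconds_per_guess(iterations=10_000, samples=5):
    """Time one secret-to-key derivation on this machine (single core)."""
    salt = b"constructed-salt"  # constructed sample value
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"%06d" % i, salt, iterations)
    return (time.perf_counter() - start) / samples


def worst_case_seconds(keyspace, per_guess):
    """Time to try every candidate when nothing rate-limits the guesses."""
    return keyspace * per_guess


def max_guess_cost_for(keyspace, budget_seconds=86_400):
    """Slowest per-guess cost at which the whole keyspace fits the budget."""
    return budget_seconds / keyspace


if __name__ == "__main__":
    cost = seconds_per_guess()
    for name, size in keyspaces().items():
        hours = worst_case_seconds(size, cost) / 3600
        print(f"{name:28s} {size:>20,d} candidates  ~{hours:,.2f} h worst case")
    print("6-digit PIN is exhausted within a day unless one guess costs more "
          f"than {max_guess_cost_for(10 ** 6) * 1000:.1f} ms")
```

Without a hardware-held key that ties each guess to the device, only the per-guess cost and the keyspace stand between the key file and an exhaustive search, so the short secrets are the weak point however the file is encrypted.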

March 5, 2015 2:22 PM

WalksWithCrows on The Democratization of Cyberattack:

@Skeptical

Greenwald's reporting has sometimes been less accurate, and more speculative, because it depends on more incomplete information. And let me clarify that I don't think Greenwald lacks dedication to certain norms that would result in at least some advice from the USG. I have no doubt that Greenwald would not release information if shown it would specifically cause harm to particular persons (or particular groups) at high risk of such harm, for example.

The "Kill the Messenger" scenario can show just how incorrect this sort of thesis can be. Summary: reporter discovers that the CIA was working with major drug barons in Nicaragua. He followed back the story, obtained more information to it, and presented it. Teams of reporters were created in major American newspapers to attack the story. He was eventually effectively forced out and the story shut down. Later disclosures added more substantiation to it. No matter, he never worked for a newspaper again, and ended up killing himself with two bullets to the head some seven years after, on the very anniversary of the day he left.

On the surface, it all seems absurd. Surely, his reporting was just as atrocious as these "Get Gary Webb teams" made it out to be. Nothing to see here, move on. And who would ever suggest that this reaction was anything but internal, motivated by professional envy.

Only, he was right. Duh. Of course the CIA works with whomever is in power, and wants to keep trustworthy allies in power. This happens all over the world, and there is a very lengthy record of this. As critical as the "war on drugs" was, fact is, someone is going to provide the supply.

Point being: major, respected American media outlets are deeply biased. Does not mean they may be devoid of any manner of journalistic ethics & professionalism. Because, after all, there are plenty of stories they do not and will not report on, often because they are too dangerous, too important to do so. Their audience, after all, wants to hear what their itching ears long to hear. That, is where the bias comes in and stays at.

Bias is not just right wing or left wing, and the extremities of either two. No, there is another insidious bias far more powerful and dangerous even than that. It is the bias of the moderates.

That is the particularly blinding bias. That is the sort of bias which makes major social change truly difficult to gather steam. It is invisible. The majority - of both and many other arms - believe it. It must, therefore, be true.

Yet, how often in history has it been, through a very wide variety of social change mechanisms (including scientific) where what was once believed by all, or surely most, in later years is shown to have been patently barbaric and absolutely absurd?

Then, they could not see, for instance, the "flat earth" theory as being what it was. What, today, are the modern equivalents? No one would know today, any more than their ancestors knew yesterday.


March 5, 2015 2:20 PM

Zach on Google Backs Away from Default Lollipop Encryption:

Perhaps Google is concerned about their future information-collection ability.

Google is after all not really a tech company. They are more like an advertising company that provides tech tools, as their core business is adverts.

For example according to this article:
Google, Mighty Now, but Not Forever
http://www.nytimes.com/2015/02/12/technology/personaltech/googles-time-at-the-top-may-be-nearing-its-end.html


Although Google has spent considerable resources inventing technologies for the future, it has failed to turn many of its innovations into new moneymakers. About 90 percent of Google’s revenue is from ads, most of that on its search engine.

March 5, 2015 1:50 PM

amazombie on Google Backs Away from Default Lollipop Encryption:

When an Android doesn't have hardware encryption, where does it protect the key?

According to the crack engineers, if you have an Android you are pretty much screwed. Maybe marketing can rebrand it Sucker. QOD: Is picture password secure?

Well, we're the freaks of the industry/ My man, Money B, oh, my mellow, Shock G/ The freaks of the industry/ And when you see us back stage, be prepared to G/ Well ...

March 5, 2015 1:49 PM

WalksWithCrows on The Democratization of Cyberattack:

@Rolf Weber

We should stop to blindly trust the interpretations of highly biased "journalists". I repeat myself, the most "shocking" "revelations" were all bogus: The "direct access" was completely untrue, BOUNDLESSINFORMANT was heavily misrepresented, and the "great SIM heist" is still without any evidence.


I wonder how far across the painting you would bring this particular stroke? Would you also include in here, for instance, Manning's disclosures? Would you include in here the HBGary and Stratfor disclosures?

(And with them, all the mini disclosures which were related?)

(Which, if one tallies them all up, are quite numerous.)

If so, or if not, what you are thinking here is, I am very sure, being considered by every foreign analyst and spy thinking on these cases. Probably, torturously so. Allied foreign or enemy foreign or frenemy foreign, combined.

They would find themselves unable to dismiss the thought that maybe - all of this - has simply been a very complicated and sophisticated ruse of the government's counterintelligence department.

Some sources might feed into that possibility, some sources might poker the flame of the already existing doubt. But, they would never really know... for sure.

Of course, if so, then the sheer enormity of such a distraction would boggle the mind. How many systems have they found from resulting internal audits are actually affected? And why would they want to distract the American people and other allies? Why now? And, more so, what is missing from the picture which all of this does not say?

In fact, they think in such a paranoid, 'mind bending' manner on possibilities... they probably even saw the Petraeus situation as a triple purpose type operation. Intended to be indirect, but with just enough holes in it that they might conclude the government was intentionally trying to have those holes be found. Highly implausible to most readers here, very plausible to anyone swallowing the line which all of this is just for distraction purposes.

Maybe they get closer to the truth when they consider that recent botched CIA job in Moscow, and the ludicrously low tech tools that individual was caught with.

I do not mind saying what is not said: human intelligence. Long term, very deep cover agents operating in their respective foreign governments as "stellar individuals". Because they receive help. A vast improvement on the whole Kim Philby sort of thing.

You wouldn't need many. Just enough to be able to leave that backdoor open when you need it.

Which serves these aims more? To argue that the information is worthless, or to argue that it is devastating in impact?

Really kind of nasty, to be on the watch for disaffected employees, and then put them in a place where they might do what they have a tendency to do anyway. Who is a better "face" than someone who really believes in what they are saying? Can't lie detector them.

You and that ex-USAF fellow seem to be, however, the sort who are simply trying to downplay the value of the information, because you believe the information is just so devastating. Probably even without any manner of intention of dishonesty. Or maybe you both just really see the information as being overly hyped and really 'much ado about nothing'. Kind of hard to say.

I suppose we will all find out sooner or later. Like, you know, when those target regimes have their silent, shadow coup.

If that has not already taken place.

March 5, 2015 1:40 PM

amazombie on The Democratization of Cyberattack:

They warned Blackberry that without weaker security and more holes, sales would suffer. If everybody keeps pushing the new gear with Swiss cheese holes we'll meet our numbers.

BlackBerry encryption ' too secure ': National security...
http://www.zdnet.com/article/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/?_escaped_fragment_=#!
BlackBerry encryption 'too secure': National security vs. consumer privacy. Summary: India's intelligence services cannot intercept BlackBerry encrypted data, citing ...too many cowboys. Talk them into the Freak Androids and slurp up more data.

Update (1st August 2010, 12:55 GMT): The BBC confirmed via the UAE's state media that come October, all half a million BlackBerry users in the region will have some services suspended unless a "solution compatible with local laws is reached", amid national security concerns.

It's a problem in China too. With demand for insecure gadgets climbing we can have more security by having more defective gadgets while also enjoying less democracy and no privacy. You're on your own.

March 5, 2015 1:19 PM

RSaunders on Data and Goliath Book Tour:

Barnes and Noble reports the store where the DC event was scheduled is closed today. Any news on rescheduling?

March 5, 2015 1:08 PM

amazombie on Now Corporate Drones are Spying on Cell Phones:

Birdshot is a bad strategy. The alternative? Lasershot. It might be a worse strategy.

It cannot be denied that this drone is very powerful, but if this creation fell into the wrong hands and with a great improvement, this may lead us one step closer to laser robot apocalypse. Or maybe just militarized bots to burn people?
http://nasilemaktech.com/2014/01/02/homemade-death-ray-laser-drone-bot/

The zombie apocalypse has been postponed. We're going to be fried alive instead of eaten alive, which sounds faster and less painful.
http://www.cagle.com/2012/07/statue-of-future-war-hero/

March 5, 2015 12:56 PM

Alexander Hanff on Now Corporate Drones are Spying on Cell Phones:

Another thing people need to realise is that under US law the data this company is collecting is not protected by the 4th Amendment and they can be forced to hand it over with the lightest of legal requests.

March 5, 2015 12:45 PM

WalksWithCrows on The Democratization of Cyberattack:

@Mike (just plain Mike)

You also say:
“If anyone knew anything either directly or indirectly, the last thing they would want to do is ever post details of the big picture online or in any manner in public.”
Doooooh.

To some readers, but not to others. Also, it can waste time for someone if they thought I believed this. I do believe there is something "like this" going on, if one changes around some details and considers some major component is left out which makes it irrelevant to say. Such a thing as one might guess, but would immediately dismiss, and continue to dismiss even if it came up again. People very rarely are an "L" who can put together very disparate parts of a jigsaw puzzle, finding one which they can't believe could possibly fit, and dare to actually even so much as to try it and see how it works when they do.

Reality is very consistent, and human minds like to complete the picture. If a purple gorilla walks across the stage, it does not matter, we would not see it.


What if those “technological advances of social media and other aspects of 2000s+ Information Technology” were/are actually the products of the Manhattan Project? What if FaceBook, Google, Twitter et al all actually originated with and are guided by The Project? Fiendishly clever combinations of technology and social engineering right from inception – involuntary self-contributing population-wide surveillance systems in which every prole continuously and happily spills forth data on their ongoing interests, opinions and social relationships – and those who refuse to participate stand out like sore thumbs. Keeps us all safe from the enemies-within – fun to use – and, of course, it’s all free! What’s not to like.

Angel investors with covert backgrounds and agendas. All of this technology was predictable and had very early precedent. If you control the money, you can probably get a few people in there at a higher up level. And do so claiming entirely different reasons. Once you have one or more in there, then you have an open backdoor for future hiring & contracting purposes.

You can also ensure success of a company, besides just from funding, but also from a variety of ways of quietly dealing with competitors. But the key ingredient here is very necessary: to be very good at getting behind already very promising products and people.

This can be done by being able to weather failures, and by having the backing of research in emerging technologies which is top notch. Think tanks. Research departments. Very forward-thinking defense contractors with proven histories of success.

Example of a very worthwhile trick: a singular individual can perform intensely powerful work if they are but "the face" where their job is primarily to get that work from teams of other people and present it as if they were working alone.

So not hard to create stellar people who quickly rise into key positions.

I would only add here, more interesting even than the possibilities of relevancy guided social media are security systems, including anonymizing ones, such as Tor which now is effectively the backbone of the "darknet". And, I would add, that most of the players in this game - including think tanks - would probably have no idea of what their work is being used for. Therefore, keeping the numbers involved in any singular product very small, which reduces the risk for disclosure.

So, disclosures "like PRISM" are irrelevant. Treading ground already treaded. Valuable irrelevancy, as it deepens the cover and strengthens the conspiracy. But, irrelevant, nevertheless.

March 5, 2015 12:37 PM

MikeA on Friday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other:

@Nick P

Sorry I was unclear. Dave Keppel's work was in trying to standardize an API for "blessing" code. That is, whatever method (tags on individual words, code-only segments, whatever) is available in hardware, the goal was to agree on semantics where, e.g. a JIT compiler can say to the system "I am done creating this code area. Please make it executable". That is, to create a single (hopefully not too onerous) point where the advisability of making code executable can be decided.

For tags, one big improvement might be to differentiate "branch targets" from "stuff which can only be acted upon if fetched sequentially".

As for separate IO processors, I fondly recall the CDC 6x00 and 7x00, particularly the notion that the CPU was a "brain in a bucket" whose memory mapping and I/O was completely under the control of a supervisory processor. At least until they modified that design to allow CPU-resident supervisory code controlling the memory map. For efficiency, of course.

March 5, 2015 12:32 PM

amazombie on The Democratization of Cyberattack:

Hillary has developed US Mums Net. Use home computers because the department network is full of holes and hackers. You can also lick stamps and use Mums Mail to avoid blackmail.

March 5, 2015 12:24 PM

Wael on Now Corporate Drones are Spying on Cell Phones:

@Nicholas Weaver,

And even excluding all other factors, it would probably attract birdshot like a magnet.

First thought that came to my mind! The idea is a dud, or likely DOA, I think.

March 5, 2015 12:23 PM

amazombie on Tom Ridge Can Find Terrorists Anywhere:

"The hearing aid, which its creators dubbed the Nanoplug because it was supposed to run off a rechargeable “nanobattery,” was billed as a “100 percent invisible, instant-fit, user programmable hearing aid” and promised to prove that “better hearing can be cool.”"
http://pando.com/2015/03/05/backers-claim-nanoplug-hearing-aids-293k-indiegogo-campaign-was-a-scam/

Movie plot ideas? Super E-commerce Plastic Electronic Recon (SUPER) With a billion dollar valuation and VC dough, the invisible nano-drone fleet takes to the friendly skies delivering nothing while sucking everything. Look up in the sky, it's a bird, it's a plane, oh never mind it's just your imagination running away with you.

March 5, 2015 12:13 PM

Adrian Lopez on Everyone Wants You To Have Security, But Not from Them:

The problem with such laws is that they'd raise the cost of operating websites that collect information from their users. Having complex laws or requiring lots of red tape would make it difficult or even impossible to operate a website on a modest budget. New services would have a harder time getting off the ground unless backed by large corporations. Innovation would suffer. Even something as essential to online freedom as being able to build a platform where people can communicate would be implicated.

Let's not create one problem by trying to fix another. Aren't there better ways to address online security than to prescribe security by law?

March 5, 2015 12:11 PM

amazombie on Now Corporate Drones are Spying on Cell Phones:

The Singapore-based company's staff was recently spotted in LA experimenting with drones. Once the data is collected, the analysis of historic data in combination ... with your credit card data, DMV records and analysis of historic travel they can bomb you with more ads tailored to your specificities.

March 5, 2015 12:09 PM

Nicholas Weaver on Now Corporate Drones are Spying on Cell Phones:

Almost certainly, the tracking is WiFi MAC and perhaps Bluetooth (no IMEI/IMSI), since those can be done easily and passively.

Also, almost certainly, this is a PR stunt for the company trying to get attention to their on-the-ground tracking service that they've already emplaced for a while now.

If they tried doing it with drones, the FAA would have kittens today (the drone rules aren't finalized). And even after the FAA issues rules which would allow it, the need to have line of sight to an operator, not over people, and daytime only operation would make it less useful than say a wart on a mapping car. And even excluding all other factors, it would probably attract birdshot like a magnet.

March 5, 2015 11:47 AM

Clive Robinson on The Democratization of Cyberattack:

Silly Suggestion of the Week Nomination

Just heard on BBC Radio 4...

A report to Government Ministers has suggested that "Mums Net" should be used to recruit "spies" for the Intelligence Services.

Apparently, whilst women represent 50% or more of UK government departments, when it comes to Intelligence Officers it's over 2/3rds male.

So all you ladies with your 2.4kids and 0.7 Golden Labradors, tired of reading Fifty Shades of Grey and disproportionately populating cafes and other places with your baby buggies, step forward your country needs you to be a new Mata Hari / Bond Girl ;-)

March 5, 2015 11:46 AM

Jon Allen on Tom Ridge Can Find Terrorists Anywhere:

A more fundamental problem is that there is no solid definition of terrorism. It's a vague concept that can be applied to anything a government does not like.

March 5, 2015 11:44 AM

CallMeLateForSupper on The Democratization of Cyberattack:

Hmmmm.... Slashdot presents a "Accptor les Cookies" button and stops cold.
Bad Slashdot! Bad!

March 5, 2015 11:27 AM

Clive Robinson on The Democratization of Cyberattack:

@ Dirk Praet,

I don't know where Rolf is located, but his posting times have suggested the EU in the past. Which may well mean he does not have the protected right of free speech that one or two places enjoy.

I gave up trying to point out his attitude was at variance with verifiable information the first time around, as did several others which might account for why he stopped posting for a while. That said as much as I disagree with his position for valid and verifiable reasons, he is I guess entitled to try to justify his.

He is not the only one with opinions counter to what can be verified, and whilst it is an initial act of kindness to point out the differences between their beliefs and verifiable information, it quickly gets to the point where you know they are so entrenched in their outlook they are not taking things on board any longer.

With regards the "back door" issue, whilst I agree that what I suggested appears unlikely, I can not see nations ceding their sovereignty to other nations without a whole load of safeguards and specialised treaties and importantly "national security" protections.

The alternatives will work even less well, imagine a phone which has 270 odd backdoors "just in case" you visit one of those countries. We already have seen India and other countries demanding access to phones being used in their countries for what we would regard as human rights abuses and industrial espionage.

It will get to the point where people will stop using mobile phones and computers with any kind of international connectivity. The economic damage this would cause whilst not quite "incalculable" is certainly going to be extraordinary.

Nation states are therefore going to have to ask themselves serious questions about what is important, their perceived right to eavesdrop or the ability of their economy to function in a modern world. If you look at some nations such as India, their economy is increasingly based on global information exchange via electronic communications, whilst politicos can be extremely selfish, self opinionated and myopic to the point they cannot see where they are going with their policies, large corporates and other revenue paying organisations can...

Whilst common sense is notable for its distinct lack of commonness I would hope that even the politicos are not suicidally stupid (even though there is plenty of evidence to suggest they might be with their "selfies" etc).

What I don't want and only an idiot would welcome is every nation "hacking" anybody's and everybody's devices, they are fragile enough as it is, which is why some malware authors have in the past "patched up" the devices they have hacked into, to avoid others making the device so bad the user is forced to get it cleaned up etc.

March 5, 2015 11:11 AM

d33t on Now Corporate Drones are Spying on Cell Phones:

"Does anyone except this company believe that device ID is not personally identifiable information?"

Like big spy agencies, they choose to frame reality or believe whatever gets them to their advertising goals (money). I still think the manufacturing of consent by way of a tuned understanding of the demographics is the real reason behind current, codified, mass surveillance by the US government. It's definitely not the "threat of terrorism". There doesn't appear to be much difference between product ads and state sponsored propaganda here in the US.

In a country that has rapidly exchanged civil rights for convenience, fake security, empty entitlements, instant gratification and lawlessness from the top down, I would expect no less than complete denial and delusion when it comes to advertising dollars. We live in a cult of ruthlessness pretty much.

I guess my feeling on being fed ads this way is, if I notice an ad popping up anywhere in my perceived personal space (public or not) that correlates to a business nearby at that moment (within sight), I will not buy anything there again.

Next come billboards, that change (tune) when enough of a "group" are present to see them based upon cellular phone device ID tracking or license plate readers et al.

March 5, 2015 10:07 AM

Jake on Google Backs Away from Default Lollipop Encryption:

@00O:
Bitrot: Been there, done that. Is that ever an awful feeling to not be able to get the data back.

As far as the lollipop goes, only young ones small enough to be sucking on one would believe in the encryption scheme anyway. It'll be worthless, or close. An aside, and my quote for the day: The internet is a broadcast medium, cleverly disguised to be interactive.

March 5, 2015 9:55 AM

Chelloveck on Now Corporate Drones are Spying on Cell Phones:

I worked for a cellular equipment manufacturer (infrastructure and handsets) back in the early 90s. Even then marketers were drooling over the prospect of being able to push location-based ads (in the form of text messages) to phones. I remember the exact example given at the time was a coffee shop enticing passers-by with discount coupons.

Turns out nobody wanted it back then, either.

March 5, 2015 9:53 AM

Earl Killian on Now Corporate Drones are Spying on Cell Phones:

Perhaps we should start a betting pool on the number of months until their first subpoena?

@Georg Kokte Faraday cage covers for phones exist. Go get one! You should also consider an RFID blocking wallet.

March 5, 2015 9:48 AM

Dirk Praet on The Democratization of Cyberattack:

@ Rolf Weber

We should stop to blindly trust the interpretations of highly biased "journalists".

Nobody does, Rolf. These documents have been studied by countless other analysts, infosec people, civil liberties organisations, you name it. And indeed, you are reiterating yourself, especially on the direct access topic which you have been going on about ever since the first PRISM stories broke. And without revisiting that issue yet again, what does it matter anyway whether it's direct or indirect access if the access is there quite alright? The NSA has been tapping into traffic between data centers, at least two PRISM partners but probably all of them have been served NSL's. I could go on. That's a purely semantic discussion to distract attention away from the real matter at hand.

Whether or not the current interpretations of Snowden's slides are 100% factually correct, the fact of the matter is that the NSA and its partners have unleashed a secret, global surveillance dragnet unparalleled in the history of mankind, and which you are still completely in denial about. In essence, you're missing the bigger picture by blindly focusing on what in your expert opinion are incorrect interpretations of certain documents and programs that neither you nor the rest of us can either prove or refute.

Feel free to interpret these documents any way you like: overstated internal PR to boost morale, outright lies ("We think we have their entire network") or harmless PoC's for targeted surveillance and subversion techniques in search of terrorists only. Fair enough, but I'm not buying it because, frankly, your entire case is based on FUD and distraction only.

March 5, 2015 9:35 AM

qb on Now Corporate Drones are Spying on Cell Phones:

@silly

Yes, the world is ad-crazy. Imagine: in 2013, Earthlings spent on ads 1.5 times more money than on all space-related programs! And they still want to cut NASA budget.

March 5, 2015 8:56 AM

SoWhatDidYouExpect on Now Corporate Drones are Spying on Cell Phones:

Regardless of what they are doing or their intentions, this is obviously overreach. It would be my observation that targeted marketing or broadcast marketing to mobile device users, would get the same result as ads in newspapers...ignored for all practical purposes. If the mobile device users don't want the ads and you annoy them with such stuff, or if it becomes invasive, they won't become customers anyway.

This may become much like email SPAM. Gee, 1000 messages didn't get any response, so try 10 thousand, then 100 thousand, eventually a million and finally tens or hundreds of millions. The targeted or broadcast messages to mobile devices will drive people away.

Maybe mobile device users should start carrying bricks...

March 5, 2015 8:44 AM

steven on Now Corporate Drones are Spying on Cell Phones:

After some thought, we may be looking at the wrong issue.

The owner of a small, independent coffee shop could stand outside said store handing out the coupons, or free cake, or otherwise attracting customers inside.

If a coffee shop franchise can afford to pay a marketing company to pilot aerial drones over the city to track people's movements by the electronic devices they carry with them - those people are definitely paying too much money for their coffee. I think the consumer is to blame here.

It's unfortunate that innocent bystanders get caught up in the electronic surveillance, though.

March 5, 2015 8:20 AM

steven on Now Corporate Drones are Spying on Cell Phones:

This is just a PR person at a marketing firm, being quoted in a tech blog. I wouldn't be misled by mention of "cellphone towers".

Receiving cellphone traffic and being able to correlate session keys to particular devices and serve ads to those people, sounds impossible without complicity of the cellphone networks (or co/subversion by an agency). That would be prohibitively expensive here, or otherwise make the drones unnecessary as the operator knows your location anyway.

Considering you can track phones by Wi-Fi probe requests as described above by J, using only $20 of hardware, I suspect their location tracking business venture is really just that simple. Adware running on the phone will know that device's BSSID, and can phone home with it to request targeted ads. Drones (or cars, or static antennae) can be deployed in areas to look for, and in a vaguely targeted way, try to track/follow as many enrolled devices as possible.

March 5, 2015 8:19 AM

stvs on Now Corporate Drones are Spying on Cell Phones:

it seems that drones are used to map "wireless landscape" of the city, not track people

Stopping wifi tracking is why MAC address randomization is used in iOS 8. I've always assumed that tech/data savvy stores like Target that offer free wifi do so to track customers through their space.

Practically, there seem to be several questions about Apple's implementation.

With the coming iWatch, it's said that tracking will be possible using any of bluetooth, iBeacons, and NFC.
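A way to check captured Wi-Fi sightings for the MAC address randomization mentioned in the comment above, as an added example that is not part of the original comment. It relies on the IEEE 802 locally-administered bit (0x02 in the first octet); the sensor names and every address in the sample are constructed.

```python
"""Audit Wi-Fi sightings for randomized vs. stable MAC addresses
(added illustration; all sample data below is constructed)."""
from collections import defaultdict


def parse_mac(mac):
    """Return the six octets of a colon- or dash-separated MAC address."""
    parts = mac.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def normalize(mac):
    return ":".join(f"{o:02x}" for o in parse_mac(mac))


def is_locally_administered(mac):
    """True when the address is not a vendor-assigned (burned-in) one.

    Randomized addresses set bit 0x02 of the first octet; vendor
    addresses derived from an OUI leave it clear.
    """
    return bool(parse_mac(mac)[0] & 0x02)


def is_unicast(mac):
    """True when the group (multicast) bit 0x01 is clear."""
    return not parse_mac(mac)[0] & 0x01


def audit(sightings):
    """Summarize (time, sensor, mac) sightings.

    Returns counts of vendor-assigned and randomized addresses, plus the
    addresses observed by more than one sensor, i.e. the ones that let
    separate sightings be joined into one movement track.
    """
    seen_at = defaultdict(list)
    for _time, sensor, mac in sightings:
        seen_at[normalize(mac)].append(sensor)

    randomized = [m for m in seen_at if is_locally_administered(m)]
    vendor = [m for m in seen_at if not is_locally_administered(m)]
    linkable = {m: s for m, s in seen_at.items() if len(set(s)) > 1}
    return {
        "vendor_assigned": len(vendor),
        "randomized": len(randomized),
        "linkable": linkable,
    }


# Constructed sample: one device probing with its vendor-assigned address
# and one device using a fresh locally administered address per scan.
SAMPLE = [
    ("09:00", "entrance", "00:11:22:33:44:55"),
    ("09:00", "entrance", "DA:A1:19:5C:02:10"),
    ("09:04", "aisle-3",  "00:11:22:33:44:55"),
    ("09:04", "aisle-3",  "2e:7b:40:9d:13:e4"),
    ("09:09", "checkout", "00-11-22-33-44-55"),
    ("09:09", "checkout", "96:0f:c3:21:aa:07"),
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    print("vendor-assigned addresses:", result["vendor_assigned"])
    print("randomized addresses:     ", result["randomized"])
    for mac, sensors in result["linkable"].items():
        print(f"linkable across sensors: {mac} -> {' > '.join(sensors)}")
```

The locally-administered bit only shows that an address is not the burned-in one; it says nothing about how often a device rotates it, which is where implementations differ.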

March 5, 2015 8:17 AM

Pat on Now Corporate Drones are Spying on Cell Phones:

Does anyone except this company believe that device ID is not personally identifiable information?

Unfortunately, I can see a case for this. The Device ID can be used to find out who you are fairly easily, they just don't care who is holding the phone. It's kind of depersonalizing to think that a company isn't trying to market to me anymore, they're just trying to get ads to pop up on a screen near a person that is walking by a business. The fact that I own the phone is tangential to them.

For security reasons, this should probably not happen, but it is how the infrastructure was built. If I want to be able to be contacted at anytime by anyone, then I'm going to have to accept that anyone can track me.

March 5, 2015 8:14 AM

qb on Now Corporate Drones are Spying on Cell Phones:

After some thought, I think it can work like this:

  • Drones are used to map the "wireless landscape", not actually track anyone. In fact they are not much different from Google Street cars.
  • Regular people install ad-monetized apps on their smartphones. Ad SDKs make the apps poll cell tower identity and SSIDs of the surrounding WiFi networks. This data is sent to AdNear and matched against the map to produce actual user's location.
  • AdNear then uses this location information to choose targeted ads for each user.

Does it sound right?

If that's what is going on, then I think flying drones per se do not bring much evil to the story. Rather it's corporate drones in @wiredog's first sense, who feign to think that "numerical id is not personal data".

March 5, 2015 8:12 AM

American Patriot on Tom Ridge Can Find Terrorists Anywhere:

But you don't understand, we must eradicate all risks and threats to stadiums because they are critical national security assets. If the enemy destroys our stadiums, where are we going to hold our giant Nuremberg rallies with ritual brain damage to keep up national loyalty when the government loses another war?

March 5, 2015 8:02 AM

qb on Now Corporate Drones are Spying on Cell Phones:

@J re Wi-Fi

It would work, but it won't scale. They would have to issue a personal drone to follow each private person, which I hope is not feasible yet :).

Also it's not clear how WiFi MAC only can be used to push targeted ads.

So I think there is something else missing in the picture.

March 5, 2015 7:50 AM

Georg Kokte on Now Corporate Drones are Spying on Cell Phones:

@ Bernard

If I'm reading the article correctly, turning off wifi and gps will not be enough, as they'll use the cellphone towers themselves to locate the device.

What we'll need is a cellphone cover that acts as a Faraday cage. (I'd totally buy that, btw)

March 5, 2015 7:50 AM

J on Now Corporate Drones are Spying on Cell Phones:

@qb As long as your wi-fi is enabled, your device is constantly sending out its MAC address (and often the list of all Wi-fi AP you have connected to) to visible Wi-Fi access points. The AP operator could use the timestamp of that sighting along with the coordinates of the AP and other technology such as CCTV to identify an individual or target them.

In this case it's unclear what value collecting a mobile device's MAC address would have for location services. MAC addresses from relatively static Wi-fi hotspots are routinely collected for that purpose (https://en.wikipedia.org/wiki/Wi-Fi_positioning_system) but mobile devices are constantly moving and would be useless for trying to determine a position without GPS.

March 5, 2015 7:44 AM

Bernard on Now Corporate Drones are Spying on Cell Phones:

This corporate tracking is why I turn off WiFi every time I leave the house and only turn on Location Services when I need it.

If you want to track my location either get a warrant or mind your own business.

March 5, 2015 7:39 AM

name.withheld.for.obvious.reasons on The Democratization of Cyberattack:

Follow-up:

There are several reports from the Congressional Research Service that enumerate the legal constraints related to science and federalization of research. Look for it on duckduckgo using "CRS science legal federal laboratory weaponized agent" string.

March 5, 2015 7:36 AM

name.withheld.for.obvious.reasons on The Democratization of Cyberattack:

@ SoWhatDidYouExpect

That is, the proposed regulation to restrict or constrain science in matters of the EPA.

Legislation, public law, finds science as an enemy...

Research in microbial and genetic agents, elements of nuclear science, specific material science, and other scientific research that is or is considered a component of a weaponized material. The research is restricted to registered federal laboratories; if you're working in your garage on a DeLorean, installing a "flux capacitor" will find you in violation of public law.

I can see these restrictions moving up the chain until the only independent research one might entertain on their own is probably sized (not big enough to carry any of the above that have been weaponized) basket weaving.

March 5, 2015 7:35 AM

qb on Now Corporate Drones are Spying on Cell Phones:

From the original article (and the AdNear's blog entry it links to) it seems that drones are used to map "wireless landscape" of the city, not track people.

This suggests that "victim's" RF measurement data is later matched against this map to determine their location w/o GPS.

However neither article explains how this measurement is obtained from every "victim". Does anybody know?

March 5, 2015 7:29 AM

Lorenzo on Data and Goliath Book Tour:

Still on visiting the EU parliament; I've got a reply from one of the MEPs, Jan Philipp ALBRECHT:

There has been a resolution by the European Parliament last year following an Inquiry on Electronic Mass Surveillance of EU Citizens in the course of which Mr Snowden also answered questions by MEPs. You can find a list of other experts and hearings here: http://www.polcms.europarl.europa.eu/cmsdata/upload/7e8c2dbe-f4bb-4e1e-a1c2-c36f350cfb85/att_20140306ATT80654-8381106833153840527.pdf. The resolution was published here: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2014-0230+0+DOC+XML+V0//IT.


At the moment it is discussed in the LIBE committee whether there should be a follow-up to last year's inquiry. The Greens are very much in favour of it since new important revelations have come to light since March last year. Should there be a follow-up, we will certainly consider sending an invitation to Mr Schneier.

I guess that's it for now. Good to know that something is moving.

March 5, 2015 7:00 AM

J on Now Corporate Drones are Spying on Cell Phones:

So this is basically like a flying Wi-Fi Pineapple? The example makes no sense though. If a coffee shop wanted to know nearby device IDs what benefit would a mobile drone provide over a statically positioned device?

Using a drone for wardriving (wardroning?) or creating a geopositioning database would make a lot more sense but that doesn't seem to be what they're doing here. This appears to be more of a PR stunt than a useful product.

March 5, 2015 6:21 AM

Sam on Tom Ridge Can Find Terrorists Anywhere:

Clearly the entirety of LA needs to be moved. Having LAX flight paths so close to LA is an overlapping of risk that outweighs any benefits.

March 5, 2015 6:12 AM

Moo on Data and Goliath: Reviews and Excerpts:

Magically arrived on my Kindle on 2nd March. Then I remembered I had pre-ordered! :-) Just dipped into the book and so far it's an excellent read .... a nice change from all the other tech heavy books I've been reading of late!

March 5, 2015 6:07 AM

Mike on Data and Goliath: Reviews and Excerpts:

Reading it on Kindle right now, fantastic book, very well researched and written. I'm glad I'm snowed in today, I can knock out several more chapters.

March 5, 2015 5:11 AM

Mike (just plain Mike) on The Democratization of Cyberattack:

@WalksWithCrows (and @gordo)

Of course, all a very entertaining fireside story, but it is all merely conspiracy theory...

That got me thinking (and reaching for the bold tags). You say, regarding the idea that the thrillingly named Cyber Manhattan Project may have started around 1995:

Might they have predicted the coming technological advances of social media and other aspects of 2000s+ Information Technology [...]?

What if those “technological advances of social media and other aspects of 2000s+ Information Technology” were/are actually the products of the Manhattan Project? What if FaceBook, Google, Twitter et al all actually originated with and are guided by The Project? Fiendishly clever combinations of technology and social engineering right from inception – involuntary self-contributing population-wide surveillance systems in which every prole continuously and happily spills forth data on their ongoing interests, opinions and social relationships – and those who refuse to participate stand out like sore thumbs. Keeps us all safe from the enemies-within – fun to use – and, of course, it’s all free! What’s not to like.

You also say:

If anyone knew anything either directly or indirectly, the last thing they would want to do is ever post details of the big picture online or in any manner in public.

Doooooh.

March 5, 2015 3:08 AM

gordo on The Democratization of Cyberattack:

@ WalksWithCrows

Of course, all a very entertaining fireside story, but it is all merely conspiracy theory. (If anyone knew anything either directly or indirectly, the last thing they would want to do is ever post details of the big picture online or in any manner in public.)

In the meantime, and, slightly tongue-in-cheek, as another story has it...

...burgeoning technologies require outlaw zones...Night City wasn’t there for its inhabitants, but as a deliberately unsupervised playground for technology itself. (Gibson 11)

---

Gibson, W. (1984). Neuromancer

March 5, 2015 2:24 AM

SoWhatDidYouExpect on Tom Ridge Can Find Terrorists Anywhere:

If Tom Ridge can find terrorists anywhere, why aren't those terrorists being arrested? If Tom Ridge knows about these terrorists, shouldn't he be arrested for not reporting them to the government? Isn't he withholding information about terrorists? Tom Ridge seems to know a lot about terrorists so why isn't he providing that information to the government? Is he a terrorist or hiding information about terrorists?

Just saying, I think someone should get that information from him or hold him accountable for what he is saying.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.