Month: November 2018

Making Surveillance Easy

We’re only a few days away from yet another “most important election in our lifetime.” Since the Republicans are in power, the Democrats and their sympathizers are pissed and when they’re pissed it’s not uncommon for them to protest (Remember the last time they were out of power? They actually protested the wars that the party in power started! Those were the days!). Nobody likes it when people protest again them so the party in power wants to keep tabs on the people who might take action against them. Fortunately for them, most protesters make this easy:

The United States government is accelerating efforts to monitor social media to preempt major anti-government protests in the US, according to scientific research, official government documents, and patent filings reviewed by Motherboard. The social media posts of American citizens who don’t like President Donald Trump are the focus of the latest US military-funded research. The research, funded by the US Army and co-authored by a researcher based at the West Point Military Academy, is part of a wider effort by the Trump administration to consolidate the US military’s role and influence on domestic intelligence.

The vast scale of this effort is reflected in a number of government social media surveillance patents granted this year, which relate to a spy program that the Trump administration outsourced to a private company last year. Experts interviewed by Motherboard say that the Pentagon’s new technology research may have played a role in amendments this April to the Joint Chiefs of Staff homeland defense doctrine, which widen the Pentagon’s role in providing intelligence for domestic “emergencies,” including an “insurrection.”

A couple of years ago a few friends and I had the opportunity to advise some protesters on avoiding government surveillance. They were using Facebook to organize and plan their protests. We had to explain to them that using Facebook for that purpose meant that every local law enforcement agency was likely receiving real-time updates on their plans. We made several recommendations, most of which involved moving planning from social media to more secure forms of communications (Signal, RetroShare, etc.). In the end they thanked us for our advice, decided that using anything but Facebook was too difficult (which made me suspect that there were undercover law enforcers amongst them), and kept handing law enforcement real-time information.

The moral of the story is that government agencies pour resources into social media surveillance because it works because most protesters are more concerned about convenience than operational security.

Security for Me, Not for Thee

Google has announced several security changes. However, it’s evident that those changes are for its security, not the security of its users:

According to Google’s Jonathan Skelker, the first of these protections that Google has rolled out today comes into effect even before users start typing their username and password.

In the coming future, Skelker says that Google won’t allow users to sign into accounts if they disabled JavaScript in their browser.

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

Conveniently JavaScript is also used to run a great deal of Google’s tracking software.

Disabling JavaScript is a great way to improve your browser’s security. Most browser-based malware and a lot of surveillance capabilities rely on JavaScript. With that said, disabling JavaScript entirely also makes much of the web unusable because web developers love to use JavaScript for everything, even loading text. But many sites will provide at least a hobbled experience if you choose to disable JavaScript.

Mind you, I understand why Google would want to improve its security and why it would require JavaScript if it believed that doing so would improve its overall security. But it’s important to note what is meant by improving security here and what potential consequences it has for users.

Drop the Word Internet

It turns out Internet freedom is declining:

Digital authoritarianism is on the rise, according to a new report from a group that monitors internet freedoms. Freedom House, a pro-democracy think tank, said today that governments are seeking more control over users’ data while also using laws nominally intended to address “fake news” to suppress dissent. It marked the eighth consecutive year that Freedom House found a decline in online freedoms around the world.

“The clear emergent theme in this report is the growing recognition that the internet, once seen as a liberating technology, is increasingly being used to disrupt democracies as opposed to destabilizing dictatorships,” said Mike Abramowitz, president of Freedom House, in a call with reporters. “Propaganda and disinformation are increasingly poisoning the digital sphere, and authoritarians and populists are using the fight against fake news as a pretext to jail prominent journalists and social media critics, often through laws that criminalize the spread of false information.”

There’s a great deal of irony in a pro-democracy, i.e. a pro-mob rule, organization discussing a decline of freedom but I digress.

Internet freedom isn’t the only freedom that’s in decline. Pretty much every government that has the ability it tightening its grip on its slaves. That is the purpose of government after all.

Deafening the Bug

I know a lot of people who put a piece of tape over their computer’s webcam. While this is a sane countermeasure, I’m honestly less worried about my webcam than the microphone built into my laptop. Most laptops, unfortunately, lack a hardware disconnect for the microphone and placing a piece of tap over the microphone input often isn’t enough to prevent it from picking up sound in whatever room it’s located. Fortunately, Apple has been stepping up its security game and now offers a solution to the microphone problem:

Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed.

“This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” said the support guide.

The camera isn’t disconnected, however, because its “field of view is completely obstructed with the lid closed.”

While I have misgivings with Apple’s recent design and business decisions, I still give the company credit for pushing hardware security forward.

Implementing a hardware cutoff for the microphone doesn’t require something like Apple’s T2 chip. Any vendor could put a hardware disconnect switch on their computer that would accomplish the same thing. Almost none of them do though, even if they include hardware cutoffs for other peripherals (my ThinkPad, for example, has a build in cover for the webcam, which is quite nice). I hope Apple’s example encourages more vendors to implement some kind of microphone cutoff switch because being able to listen to conversations generally allows gathering more incriminating evidence that merely being able to look at whatever is in front of a laptop.

What Part of Free Didn’t You Understand?

Did you know that a majority of apps targeted at children contain ads:

(Reuters Health) – Those cute little apps your child plays with are most likely flooded with ads – some of which are totally age-inappropriate, researchers have found.

A stunning 95 percent of commonly downloaded apps that are marketed to or played by children age five and under contain at least one type of advertising, according to a new report in the Journal of Developmental & Behavioral Pediatrics. And that goes for the apps labeled as educational, too, researchers say.

That’s just terrible… oh:

The researchers scrutinized 135 of the most downloaded free and paid apps in the “age five and under” category in the Google Play app store. Among them were free apps with 5 to 10 million downloads and paid apps with 50,000 to 100,000 downloads.

Emphasis mine.

To once again quote The Moon is a Harsh Mistress, there ain’t no such thing as a free lunch (TANSTAAFL). If you can download an app without paying upfront, the developer is making money in some other way. Advertisements are the quick and easy go to. In app purchases are the more sophisticated method although more difficult to execute because you need to incentivize users to buy your in app purchases. When your target audience is children, in app purchases are even more difficult because parental controls often prevent children from making purchases directly.

Instead of performing a study with an obvious result such as determining how many free apps display ads (almost all of them), a better study would be to learn why people are so foolish as to believe that they can get something for free.

No Jury Will Convict Him

There are certain crimes that are justified by the circumstances under which they were perpetrated. This is one of them:

A scientist accused of attempted murder in Antarctica stabbed his colleague because “he was fed up with the man telling him the endings of books,” it has been claimed.

Scientific engineer Sergey Savitsky, 55, became enraged and stabbed welder Oleg Beloguzov, 52, with a kitchen knife.

It is believed to be the first time a man has been charged with attempted murder in Antarctica.

I doubt that there’s a jury on the planet that will convict him.