[talk] Fine I put tape over my webcam but now what
George Rosamond
george at ceetonetechnology.com
Fri Nov 4 13:12:04 EDT 2016
On 11/04/16 00:31, Edward Capriolo wrote:
> On Fri, Nov 4, 2016 at 12:17 AM, Chris Snyder <chsnyder at gmail.com> wrote:
>
>> On Thu, Nov 3, 2016 at 6:48 PM, Pete Wright <pete at nomadlogic.org> wrote:
>>>
>>>
>>> On 11/3/16 3:26 PM, Mark Saad wrote:
>>>
>>>> Ok
>>>> So here is a good read from the land of tinfoil hats and hacking air
>>>> gapped openbsd laptops via sound.
>>>>
>>>>
>>>> http://arstechnica.com/security/2016/11/how-to-block-the-ult
>>>> rasonic-signals-you-didnt-know-were-tracking-you/
>>>>
>>>> So the tldr parts , ad tracking via ultrasound beacons . Imagine you
>>>> install the wallmart app to get the 25% off coupon but it's tracking you
>>>> via ultrasound beacons.
>>>>
>>>> Interesting non the less .
>>>>
>>>>
>>> yea pretty terrifying that adtech has succeded in normalizing the idea
>>> that to use the internet is to consent to living a surveillance state. the
>>> worst part - imho - is the fact that most of people who i've worked with in
>>> this industry a) don't realize they are creating a surveillance state or b)
>>> think it's a good thing.
>>>
>>>
>> Just had the interesting-to-me thought that audio tracking works over
>> voice and videoconferencing links, no "internet" necessary.
>>
>> If stray dogs start taking an uncommon interest in you, turn off your
>> phone.
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>
> I am less worried about adtech companies that make marginal profits on look
> alike targeting and more worried about the large player that has its own
> protocols and browser, because they make there own rules.
>
> https://www.privateinternetaccess.com/blog/2015/10/so-google-records-all-the-microphone-audio-all-the-time-after-all/
Ha. Yes.
All your mics are on and Ed stopped top-posting! Certainly a sign of
the coming apocalypse!
In all seriousness, I tend to take the minimalist approach to mitigating
these threats: treat your phone as a compromised platform that isn't
secureable. I think there's an old ACM Queue article from PHK that
essentially makes that argument from a few years ago. Your contacts,
private PGP and SSH keys, etc., are public information when residing on
your phone.
PHK also happened to do a review of Silent Circle's BlackPhone2 in three
parts. This is the first:
https://www.version2.dk/blog/blackphone2-review-1-508188
It's noteworthy since it's supposed to be a secure phone, but the
weaknesses are standard problem on all phones. Ultimately, assurances
and policies from the manufacturer, software providers and of course the
cell network provider aren't a basis for 'privacy by design.' And most
don't even provide favorable policies.
In regards to this actual vulnerability, I wonder what the 'cost'
(computationally on the provider-side, not just monetarily) is on such
surveillance, er, I mean data-mining, really is. You have firms which
rely on third-party cookies still, and the step up to audio captures is
a significant leap in terms of required resources for storage, parsing, etc.
I'm sure there are people on this list who may know the answers, but
aren't in a position to speak about it publicly...
g
More information about the talk
mailing list