Enjoy those pictures of the inside of my pocket.
Surveillance companies can use your iPhone to take photos of you and your surroundings without your knowledge, said a representative from the Bureau of Investigative Journalism at a panel chaired by Julian Assange™ today. Companies also sell products that will let them change the messages you write, track your location and nick …
Thursday 1st December 2011 17:07 GMT Anonymous Coward
And, as smartphones are now computers on which we can install software...
We'll no doubt soon be able to buy apps to detect and remove surveillance software, or perhaps more amusingly, send it spoof info.
Spookmaster: 'Are we getting the surveillance feeds from Brannigan's phone?'
Spook: Loud and clear. He's on top of the Empire State Building. I can't make out the conversation - those aardvark mating calls are too loud. Very clear pictures though - don't you think he has an uncanny resemblance to Kim Kardashian?
Thursday 1st December 2011 17:07 GMT Mike Brown
Thursday 1st December 2011 17:21 GMT Spiracle
Thursday 1st December 2011 22:56 GMT Giles Jones
It's funny you mention the iPhone when it's Android users who are the most exposed. There's a nice opt out setting on the iPhone, what about Android?
I thought open source was supposed to stop this sort of thing? how can so many people who roll their own ROMs and tinker with the OS have missed this?
Wednesday 7th December 2011 13:35 GMT Anonymous Coward
There was a time when your only guarantee of having a private conversation was face-to-face in the middle of nowhere. Satellite surveillance put an end to that years ago, but it's hellish expensive. It's far more cost effective in these hard economic times for government and corporate spooks to bribe a few OEMs to facilitate cellphone and tablet spying to monitor our collective arses 24/7.
Thursday 1st December 2011 23:00 GMT Anonymous Coward
Friday 2nd December 2011 09:10 GMT Anonymous Coward
Re: "How the fuck we are supposed to protect ourselves"
Simple - turn it off when you don't want to be monitored. It can only track you if it's switched on (including in standby). No power to the device = no way for it to run apps or be connected to remotely. Same as with bluetooth - security hole so you turn it off when not using it.
Friday 2nd December 2011 09:10 GMT Anonymous Coward
Friday 2nd December 2011 10:17 GMT Anonymous Coward
Friday 2nd December 2011 13:46 GMT PatientOne
For a conspiracy: No evidence is needed.
However, there is little here that is new. e-mails can be intercepted, read, altered and faked, and that's been available since the first e-mail client was written. 20+ years ago, students were getting shocked by e-mails they apparently sent to themselves while they were asleep... or were sent from... no one.
Just about everything they claim about phones already exists, has existed for years and has been abused by students and others for years. It just hasn't been associated with phones until recently when phones became 'smart' enough to run such applications.
Saturday 3rd December 2011 00:01 GMT Anonymous Coward
I'm a network engineer with 30 years of experiance in the field of Information Security. Computer Forensics and penetration testing of various devices and netwoeks is what I do for a living.
I can confirm EVERYTHING that Julian Assange made reference to in that article.
You can either stick your head back in the sand, or open your eyes to reality and decide where to draw the line, or you can be perfectly okay with it all, but you have no right to complain later, as you would be accepting it now.
Sunday 4th December 2011 08:02 GMT Mark 65
Not everything is as much an issue as first made out.
"Speaking on the panel, Pratap Chatterjee of the Bureau of Investigative Journalism (which works out of City University, but is an independent organisation) said that your phone could be used to record and send information about you even when it is in stand-by mode."
Blackberry devices still have removable batteries - the only way to ensure something is off rather than in low power mode and it's a bit difficult to do with no power. iPhone users are definitely fucked.
Saturday 3rd December 2011 02:19 GMT dssf
Install our own software to monitor the activities?
-- the police logging your porn to build a prospective "likely child molester/serial killer db"
-- your care provider snooping your dining habits
-- your creditors/lenders poking around finding reasons to raise interest rates on YOU or a CLASS of "yous"
-- imagine your employer paying to get wind of your shopping around for a new job
-- imagine your ISP sussing out your feelings and creating sneaky campaings tailored JUST to keep you from defecting, but rooking you 6 months later
Imagine some or all of just THOSE examples getting loose.
The only GOOD thing about aggregation of all this information is that so long as no one is out the F*CK YOU, you have corroborative trails exonerating YOU (for now, for now) of something you were initially going to be accused of or placed into an open, non-closing, never-let-go-cold-case file.
But, wait till a killer with money finds a broker who'll pay to cascade tampered evidence down a number of backups and live data stores -- even into credit card and other companies -- to find a fall guy. It may not be YOU as in YOU because of YOU, but just that your patterns fit a nice distractive or diversionary path to take attention off the real killer or kidnapper or molestor or swindler or whatever. Even if you are eventually cleared and never brought to a court, it'll still be hell proving you're not sabotaging your own trail to wrongfully cast doubt on yourself.
Yep, these may be movie-grade ideas, but for people with VERY SHALLOW footprints, it might become VERY easy to be selected as a mark to fall for someone else, whether it's a bad guy or an investigator wanting to close a case... Wait, if you're lucky, your truthfully used DNA may exonerate you, too.
Maybe a nexus of universal hell-evil has to come together to be your (or someone else's) undoing.
Saturday 3rd December 2011 09:51 GMT Proof
Proof - Media exposes
Here's the proof - published in physical newspapers as well. A la News Of The World , if a paper says mobile hacking happens then they know what they are talking about :)
From the Business Standard newspaper, India :
The two men behind India's 'secret' surveillance industry by Akshat Kaushal & Surajeet Das Gupta / New Delhi December 3, 2011, 0:39 IST
URL : http://business-standard.com/india/news/the-two-men-behind-india%60s-%60secret%60-surveillance-industry/457443/
Another article with a video showing OEM spy software on your phone.
Your Android-based smartphone could be watching just about everything you do, Android security researcher Trevor Eckhart argues in a video posted earlier this week.
In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends them off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made.
Although Eckhart's data comes from Android devices, it's worth noting that Carrier IQ's software is running on over 130 million mobile devices worldwide, including those made by Nokia and Research In Motion.
Wednesday 7th December 2011 13:08 GMT Rob Dobs
umm, it was mentioned in the article
287 documents from 160 companies in 25 countries.
Pretty through evidence really. Now you can say he forged it, but for all their faults, Wikileaks is kinda known for leaking things (hence the name) not forging them.
As opposed to foil hat bridge, I would propose that you acting like an ostrich and putting your head in the ground, as I pretty sure most people assuming that this was indeed going on, it just wasn't proven with evidence until now.
BTW don't the Palm products on this list, or mentioned in Carrier IQ discussions either.....
Thursday 1st December 2011 17:09 GMT Is it me?
D'ya think probie
Sorry, but if a device has the capability to do something, then you can write software to use it. This applies to any software driven computing device.
I worked all this out two nanoseconds after I knew some phones had GPS locations in them. You can either take it as a benefit, that your phone can always be found, or not, if you don't want geolocation, buy a phone without it.
BTW Tom Tom Live can also report your location, as it has a 3G connection for live trafic updates.
You should also realise that because there are so many people out there, and so few security people to watch you, you are just noise until you do something to come to their notice, like plant a bomb, or rob a bank.
Alternately you can forbid this practice and have a tax hike to pay for all the extra officers required to keep you safe.
Thursday 1st December 2011 22:57 GMT 27escape
Thursday 1st December 2011 23:00 GMT Anonymous Coward
Who needs GPS?
The cell carriers...and anyone using thier information...can track ANY cell phone, simply by looking at the cell sites the phone has/is connected to.
THIS IS NOTHING NEW.
Sorry Julian...you’re tilting at windmills once again. Now...go outside and get some Sun. You look awfully PALE!
Thursday 1st December 2011 23:00 GMT multipharious
Well, there are a few...
Commercially available, but they have to be installed (see: mobile spy) This is not an OtA type thing where your phone suddenly gets pwned. Target doesn't have a screen lock key enabled, or leaves their desktop unlocked, and does not have any idea how many junkie apps they have either. The exploit requires physical access, but once installed you are "live."
There are various spheres of desktop snoop software. The "legal" snoop-on-your-spouse crap and then malware like Zeus and SpyEye.
I guess I should read the rest of the comments, but yours caught me thinking, "Hey right! Is this something new? Where is the proof?"
Friday 2nd December 2011 00:55 GMT Steven Roper
@Is it me
"You should also realise that because there are so many people out there, and so few security people to watch you..."
That argument might have carried water 30 years ago, but not today. With things like face-recognition software, behavioural-analysis software and the massive storage capabilities of today's computers, you don't need "security people" to watch you - the software does all that for them. Effectively, you ARE being watched all the time, and the moment you do or say something that the ruling elite don't like, that software will flag you up and turn you in within a heartbeat.
Saturday 3rd December 2011 00:02 GMT kellerr13
"You can either take it as a benefit, that your phone can always be found, or not, if you don't want geolocation, buy a phone without it"
What if all the phones have it? What if you can no longer get one without it?
Don't like breathing air with the chemicals in it? DON'T breath. It's YOUR choice. You HAVE the option.
Saturday 3rd December 2011 00:02 GMT kellerr13
"Now, if only I was doing something worth being surveilled :) :)"
That depends on the agenda of those watching you. They may decide to come after you because of your ethnicity, but if they do, it will be too late for you to do anything about. The potential for abuse is all in their hands, and none of it is in yours.
and it's YOUR fault.
Thursday 1st December 2011 17:11 GMT Ian Yates
While I don't doubt some of what was said (insert 'shocked' face that Gmail is a marketing tool), some of it comes across as plain bonkers.
Maybe I'm wrong, but it just sounds like too much effort for any potential gain.
"products that will let them change the messages you write" - apart from spellcheckers, how would you not notice that your messages are not what you wrote?
As for the illicit sending of personally identifiable information (photos, recording sounds, etc.), if anyone ever put a proxy in the way and discovered the suspect data (and there are people out there that do this often enough), it would be a media storm to dwarf the current Leveson inquiry.
Thursday 1st December 2011 17:11 GMT KamL
Never really believed anything different........The same is true of loyalty cards. The information used from those are used against you. But people are distracted rom the 10p off of whatever product.
It's no different to real life.
If you hand information over to someone else - you have delegated responsibility. Regardless of laws. Similar to a cheating partner.
They both know it hurts you. But you'll just get a sorry and have to move on......
Thursday 1st December 2011 17:11 GMT fLaMePrOoF
Last year I was on a boat trip up and down the Thames, I took lots of photos on my plain old Samsung U600 feature phone, including several of Vaxhaul Cross (MI6 HQ).
When I got home and downloaded the pics from my SD card there were NO photos of Vaxhaul Cross, but all of the pics up to that point were there, as well as all of those taken after when we left the boat...
What's more; the filenames were still in sequential numbered order, with no numbers missing in the middle.
The handset had no wifi, can't remember if bluetooth was turned on but I think not as I generally keep it off by default.
So - what happened there...?
Thursday 1st December 2011 23:00 GMT Anonymous Coward
What happened there?
I'd say you were mistaken in that you never took any actual snaps of MI6.
I've done this myself: I have sworn that I'd saved a snap but it just wasn't actually committed to the SD card.
I'm mega-paranoid myself but I don't believe that MI6 CARE who photographs their building nor do I reckon they can do what you are suggesting.
Thursday 1st December 2011 23:00 GMT Gordon 10
Thursday 1st December 2011 23:01 GMT Neill Mitchell
MI6 sure are cunning at hiding their address.
Anyway, what's more likely here?
a) MI6 can remotely force your camera phone (running gawd knows what variant of firmware) to delete and resequence the shot numbers to cover its tracks.
b) You didn't hold down the shutter button long enough.
If they let their building be filmed in goodness knows how many Hollywood blockbusers, I hardly doubt a tourist with a camera phone is going to bother them.
Thursday 1st December 2011 23:01 GMT Just Thinking
Friday 2nd December 2011 10:17 GMT KnucklesTheDog
What happened there is...you've made it up - either deliberately or not.
Many years ago I went to a talk by Mark Thomas and his production team, although he didn't turn up in the end, it was just his team. They sat and told a room full of people about how "the man" could do all these things with your phone which, from several years working in mobile telecommunications for some of the worlds biggest handset manufacturers, I realised was completely untrue. People were audibly gasping at the thought of this big brother state, which didn't exist. People have been spreading this crap for years, everyone loves a conspiracy because real life is far more dull.
Which is more likely:
1) Governments employ teams of Jack Bauers, Edgars and Chloes who can hack into any computer, phone or security camera any time and perform miracles of surveillance on anyone anywhere in the world.
2) Like any other large organisation, they are bogged down in unmanageable processes, faulty equipment, layers of management trying to save their own jobs, and general ineptness by a disinterested workforce.
Governments can't even pull off outsourcing NHS IT contracts for gods sake, the idea that "they" are watching you all the time is total fantasy.
Wednesday 7th December 2011 13:16 GMT Esskay
Friday 2nd December 2011 09:13 GMT fLaMePrOoF
Har har har.
All of your responses are quite understandable, however, there was no malfunction or problem with my operation of the camera, in fact I took more shots of that building than any other landmark, probably 10-20 at least as we passed the building in both directions. In between the two times we passed Vaxhaul Cross I took several shots of the O2 arena and they were all present and correct.
What I've posted is the simple fact of what happened, to this day I have no reasonable explanation for what happened to those shots or why, but I know that I took them.
Wednesday 7th December 2011 13:19 GMT Evil Auditor
Since you did no maloperation and it is highly unlikely that the MI6 was fiddling your phone there remains only one explanation: the MI6 deployed to newest über-tech to spin your mind into believing that you actually took pictures of its building.
If I'm right, this comment should never appear - because MI6 just made me believe that I wrote this. If it is being published, well, have a second thought about maloperation...
Wednesday 7th December 2011 13:35 GMT Mephistro
A possible explanation
After taking the photos you left your cámera with the button - or combination of buttons- for erasing photos pressed. It secuentially erased your photos till you moved the camera again, probably a few seconds later.
Something like this happened to me a few years ago with several addresses in my non-smart-phone.
Now, I wouldn't totally discard your explanation, given what I've read on the subject.
The part that really pisses me off is the way the sheeple give away their privacy without a second thought in exchange for using some shitty app or belonging to some shitty social network, because "it's free".
I know that trying to "educate the masses" is like sowing sausages -lots of work, and success is not totally guaranteed ^_^ - but it's our only hope.
Friday 2nd December 2011 09:13 GMT Allan George Dyer
Sunday 4th December 2011 16:09 GMT Nanomousey
EM EYE FUNF address revealed on Spooks?
@Allan George Dyer
Sorry but Spooks shows the wrong building as HQ of the 'domestic' service. Spooks shows a law office and grand masonic lodge. Just like half the buildings in the last series where Harry meets somebody in a quiet London location, which turns out to be Greenwich University Campus - the old RN Maritime buildings.
Try navigating by street view near Millbank looking for a road with a prickly name. Look out for the fast-rise/fall bollards by the car entrance and the armed guard. That's where it actually is!
Friday 2nd December 2011 10:17 GMT dephormation.org.uk
Thursday 1st December 2011 17:14 GMT JeffyPooh
Thursday 1st December 2011 17:21 GMT adnim
or tell me something I don't know.
Gmail emails like any other email can be intercepted, or just passed on by the service providers to third parties.
Certain features of mobile devices have been used by service providers and device manufacturers to monitor and record "certain" device functions. So it is common knowledge that a mobile device can spy on the user or at least it should be.
The real news would be in the proof that the Illuminati actually exist and are in a concerted effort, along with the assistance of service providers and device makers, to monitor the content of every email and the communications of every device user in order to manipulate the masses into acceptance of the Status Quo.
Still, it isn't unwise to learn how a device works and what it does by itself either during start up or as a background task and be able to change that behaviour, should you so wish, before entrusting it with information you would not want shared. The simple fact that such a device *could* leak information without the users knowledge or approval is a security risk and should be mitigated before the device is used.
Unfortunately learning how a device OS works and being able to alter the behaviour of that OS is often beyond the abilities of the average consumer that use these devices. So they *could* in the future be "screwed". Unless of course legislation saves them.
As for IT professionals, especially those in the security field there is no excuse, you can save yourselves by either rooting your iPhone or move to Android or another OSS and gain FULL control over your device. Until you gain that control, the simple fact is...Your device is a security risk.
Friday 2nd December 2011 11:48 GMT Anonymous Coward
Friday 2nd December 2011 13:41 GMT Lee Dowling
All devices are security risks. Millions of things are security risks. The point is not that they are a risk, but how to handle them and make yourself aware of that risk. If you wrote your email on a computer with a chip in it, or with certain toolbars installed, chances are that you're less safe than your smartphone anyway.
I use GMail, for personal email. I use a mobile phone, for personal conversations. I use Facebook, for posting select information. I don't have anything that I wouldn't show a court on demand, so it's not really a problem.
The simple fact is that almost all my emails are interceptable and readable, and not just by governments. I know that. I'm not stupid. My text messages are inherently insecure too. My phone calls. Faxes I send. All of them insecure and incredibly easy to be tapped by a determined entity. Worrying that GMail might be intercepted by a program on my Android phone is a little pointless in the face of that, even if it's by a commercial entity. If I was that worried, I'd not be using anything with that capability anyway (i.e. no smartphones at all).
But the stuff that matters, that's where you need to look at risks, not the stuff that doesn't. My credit card info is only stored at my bank and the vendors that I deal with. Thus it's not "high-risk" unless I'm stupid enough to email them my card number (or they do the same back to me). But even my bank transactions are not free from risk - credit card fraud is easy, key-snooping is simple, governments and law enforcement have COMPLETE access to my financial details if they want (not by my request, but just the way that things work). Anything in my email account may need to be produced to a court of law on demand. Even my computer isn't "safe".
That's the point here - you can worry about the stupid things that you can't avoid or you can worry about the important things that you can avoid. If you want to send some "super-secret" information in a way that your government won't know about it or be able to trace you, it's not easy but it is possible if you use your brain. If you want to send an email to your mate, it's not really that important who reads it.
However, if you use any device that you don't have the entire electrical specifications for, that hasn't been verified by you personally to meet those specifications, wasn't assembled in a clean-room with components that you've personally verified and watched all the way, doesn't have a completely open firmware with source code that you've compiled double with two different compilers (which you should compile each other with too) and compared the output to ensure rogue code isn't inserted, where you've verified every binary bit of the end product, then you *CAN'T* be safe. Basically, for all practical purposes, none of the above will ever happen for anything you buy in a shop. So it's game over unless you want to sit with your tin-foil hat hand-assembling transistors for the next decade.
And a government, or even a corporate entity, that reads my email, or even taps every byte of my home connection, wouldn't be unusual at all even in a first-world country (it only takes a suspicion of links to terrorism and a court order, even if you require them to do it legally) and they would get bored incredibly quickly. No, they shouldn't be doing it, but the point is that it takes seconds and you could be monitored now. Some crappy app on your smartphone is hardly the end of the world in comparison, and completely defeated by you a) not using it or b) at least not using it for anything you want to stay private.
Risk is a sliding scale of impact on me, consequence on others and chance. There's a risk that GMail will publish my entire inbox to the world next Tuesday and I'll be on the news. It would have virtually zero impact, but huge consequences for others and the chance is INCREDIBLY low. There's a risk that a smartphone is broadcasting my emails and location to a company in the US. It would have virtually zero impact, huge consequences for others and the chance is slightly higher. In terms of how you use those items (i.e. to communicate with people in foreign countries), there's probably no better way in the entire world though, than to trust GMail / smartphones.
That said, I don't use smartphones. Not for any privacy risk but because I really don't want to spend huge amounts of time managing yet-another-computer when all I need is a connection to a mobile network. Impact on my time to use a smartphone is high, consequences for others is zero, risk of something going titsup is high. It's a worse deal.
There is legislation in place for companies that abuse privileges (and these key-tapping smartphones aren't in Britain, probably because of our Phorm issues and the associated court cases) and that's the best you can do.
Everything's a risk. But not everything that avoids that risk is worth the time, effort and money to do so.
Thursday 1st December 2011 22:59 GMT Sean Baggaley 1
Dear Mr. Assange: Can I have some of what you're smoking?
I really should buy shares in the tinfoil industry.
"Surveillance companies can use your iPhone to take photos of you and your surroundings without your knowledge"
I've never understood this assertion. A good photo can't be taken from a device that's being waved around, tapped, swiped, or tucked into one's pocket. Nor will you get a great shot from a phone that's jiggling about in a cheap in-car phone holder.
Any photos an intelligence operative got from my phone would be blurry and shite. Or dark and pointless as my iPhone spends most of its life either in my pocket, or staring face-up at my living room ceiling while it's charging.
I'd imagine most phones would provide similarly pointless results.
Now, GPS location tracking is a possibility, but GPS chips are quite the drain on any phone's batteries and most people tend to switch it off when they're not using it. It's also highly unlikely that any phone will actually *get* a GPS signal when it's in a pocket and indoors (as I usually am). At best, you could log GPS usage on the device and upload a list of locations when needed. I'm not that bothered about this: I can drive from London to Rome entirely unaided—I've a very good sense of direction—so I use GPS extremely rarely.
And, of course, I switch my phone off if I'm driving across borders anyway as I'd only get irritated by the repeated "Welcome to country X" SMS messages informing me of their usurious roaming rates.
If you're particularly paranoid about GPS tracking, just learn to read a map. It's not *that* hard.
If you really do find it particularly difficult to remember a route in map form—i.e. you have poor spatial navigation skills—there's a wonderful invention called "signposts". I heartily recommend this ancient technology: reading these "signposts" means you can drive any arbitrary route by simply making an initial list of key towns and cities along the way. Follow the signs for the first destination on the list. As you approach that destination, you'll start seeing signs for the next destination on the list, so you switch to following those signs instead. Repeat until you've run out of list.
Not much you can do about cellphone mast triangulation, but that's not exactly accurate. Consumer-grade GPS is a bit vague too, so it's not a 100% reliable source of data for a court case. (The GPS signal on my iPhone right now thinks I'm actually sitting in the middle of a car park over 150 metres away from my apartment. GPS and narrow valleys are not a great combination.)
Granted, keylogging and the like aren't easy to circumvent, but that level of surveillance requires either a root kit installed with the OS (hello Carrier IQ), direct physical access (in which case, all bets are off), or some form of third-party trojan installed through an insecure channel. Say what you will about Apple's curation processes, but while they may not be 100% foolproof, they're still a substantial barrier.
Thursday 1st December 2011 22:59 GMT Big Al
Why so surprised?
"We're seeing increasingly wholesale monitoring of entire populations with no suspicion of wrongdoing – the data is being monitored and stored in the hope that it might one day be useful."
Well YES... what do they think GCHQ and the NRO have been doing all these years?
These are just new methods for the same old thing.
Sad but true.
Thursday 1st December 2011 23:00 GMT carter brandon
Thursday 1st December 2011 23:01 GMT Anonymous Coward
It'd be nice if some clever developer could write an app that would deport Assange to Sweden, or at least back to Australia. I'm far more worried that the combined forces of law and order in two European countries can't seem to achieve that one simple thing than I am about my mobile phone spying on me.
Thursday 1st December 2011 23:01 GMT Stevie
Friday 2nd December 2011 00:57 GMT Anonymous Coward
It's actually not that crazy to think that you could get useful photos.
First, there are the photos people take of -themselves- - at some tourist trap, playing with their kids, etc. But there are also plenty of times your phone *isn't* in your pocket or against your ear - I'll charge my blackberry at my desk, occasionally, so there it'll sit, pointing up at the ceiling. Or maybe propped up against the computer if there's something big I need to put in its usual area. Voila, perfect photo op.
Or you hand your phone to someone so they can look at some picture / read some email... mostly the camera will be facing down, but there'll be moments where it isn't.
So, it would take some effort, but you could certainly get a good picture of someone with some patience. And a whole LOT of good pictures of the people who happen to be around them, standing to the right - and depending on the organization you belong to, that might be worth even more!
I'm not sure how likely I rate this stuff as being, but it doesn't seem blatantly impossible on its surface.
That said, this stuff has to be installed by your carrier, or someone else with physical access, like your cat, right? It's not like Numbnut Marketing from Wallawalla, Washington can just pay five grand for some software and start the knuckle-cracking and cackling as they find out that you like potted begonias, motorsports, pleated trousers, and progressive trance, and therefore determine that they should sell your information to Toyota since you're much more likely to buy an Avalon - probably with the V6 and premium package - than a Sonata.
So, you can go the uber-tinfoil way, and say it's the government insisting on having this access. But if that were the case, we wouldn't hear about it. The government is bad at many things, but if it's -really important-, it gets done right. So I doubt that's it, unless they just don't -care- if they're caught.
Or you can go the other way, and say that the service providers deliberately allow arbitrary companies to access any and all of your most personal data, and watch you in your own house. That's a huge risk for what would have to be relatively small compensation. And why would BlackBerry allow this? Their whole model is based on corporate security; this would be utterly devastating (well, to the extent that they can be further-devastated).
It all seems quite strange. Granted, people have done pretty irrational stuff before, but this would be a hell of a big project, with a lot of people involved, to have it been driven purely by insanity.
Friday 2nd December 2011 00:57 GMT Mr Templedene
Let's just switch this round for the "if you have nothing to hide you have nothing to fear" crowd
Ask these companies to go public on what information the collect, how they store it, who they give/sell it to and how long they keep it.
After all, they are going to tell you because "if THEY have nothing to hide, then THEY should have nothing to fear"
Not getting a response? then I guess they do have something to hide, and something to fear!
Friday 2nd December 2011 09:10 GMT Anonymous Coward
Mock if you will...
...and admittedly some of the claims are, shall we say, eminently mockable, but... the capability to compromise a mobile phone and use it to monitor conversations (even in standby) is quite real. A few years ago all government departments in the land I shall codename Dow Nunder quietly installed lockers outside their secure meeting facilities (depositing mobiles prior to meetings, for the use of). Prior to this ruling mobiles were permitted in (most) meeting rooms as long as they were turned off.
Friday 2nd December 2011 09:13 GMT eulampios
As far as gmail is concerned, for the really paranoid ones, pgp (gpg) is the savior. Email client such as mutt, alpine vm (rmail) from the emacs, thunderbird/kmail or any decent client will also work. Or just install postfix+spamassassin ....
Not sure, why specifically gmail? Not yahoo/hotmail or others?
Friday 2nd December 2011 10:03 GMT Martin Huizing
I knew something was changing the text messages...
It's called iPhone auto-correct and is the cause of most SMS related awkwardness in history!
Son: WORST DAY EVER
Son: Bring some scissors over. Robby got his cum in my hair.
Mom: It's ok. I have had so much cum in my hair. I don't have to cut it. Just wash it.
Son: I meant GUM mom. GUM.
Son: Now I'm gonna throw up!
Mom: I will be over in 2 mins
Friday 2nd December 2011 10:03 GMT JaitcH
Regulation is superfluous, the key is PREVENTION
You can have all the regulation (i.e. laws) in the world but they are meaningless. Does GCHQ bother about laws? Laws are for law abiding people, just as locks are for honest people.
It's illegal to listen to decrypted cell conversations or peoples voicemail boxes but it sure didn't slow down Murdoch and the NotW gang.
The GSM encryption schema is weak, as has been described in Reg before, the US government requires there be back doors n ejcryption devices. Only a very few, like Phil Zimmerman, give them the finger.
But this is nothing. Wait until Cameron puts a smart meter in your house. Then there are the smart appliances that go along with them. Already, in Korea, you can buy 'smart' appliances. Start a washing machine load,but read the screen, the machine might have been to to hold off until later when it gets the OK from the smart meter.
Same with defrosting your fridge, chat chat chat between the things in your home and the smart meter and then to the electrical supply company.
This isn't future technology, this NOW technology. It isn't paranoia, it's fact.
Police get on line, real time, access to all manner of utilities - it's one way they learn about abnormal power consumption for drug growing - and it will increase.
Say Plod wants to raid your house, a push of a button and your smart meter can cut power.and since the power meter is controlled by the power company, they don't need a warrant.
If you want to stop this spying people better start investing in ferrite rings (for power cords) and study Faraday cage construction for that smart meter - a large piece of mesh across the back wall before they mount the meter is a good start.
I, personally, am happy that some segments of the population are waking up to the fact that government is not only in your bedroom, as Trudeau once said, but they are in your pants.
Friday 2nd December 2011 10:03 GMT Belgarion
Friday 2nd December 2011 13:39 GMT Ben Tasker
Friday 2nd December 2011 17:47 GMT snowlight
Wednesday 7th December 2011 13:31 GMT Sean Baggaley 1
... many electricity meters are mounted on external walls already, so unlocking the, or just reaching through the already vandalised, plastic casing and pulling a lever / flipping a switch would be no great difficulty either. No smart meter necessary.
Besides, if it became known that the police could control and monitor every election you used, the power companies would find it a tad harder to convince you to upgrade to their newfangled smart meters. They don't have a vested interest in this. Smart meters are primarily being introduced in the UK in order to get people to stop using so damned much electricity.
The days when the UK had convenient access to lots of coal, and, more recently, to North Sea gas reserves, are ending: unless you build a bunch of nukes very quickly, your energy role model will be resource-poor Italy, not nuclear-happy France. Get used to it.
Friday 2nd December 2011 13:40 GMT Intractable Potsherd
I've seen some of these iPhone autocorrects before ...
... and I'm confused as to how they work. To me, the correction in the current example would be cum>gum, not gum>cum, so how does this autocorrect work. What sort of dictionary does it have - a very complete one, presumably!
Disclosure: I do not use text-guessing on any of my communications devices, and it may be a bigger problem than the iPhone, for all I know.
Wednesday 7th December 2011 13:30 GMT Field Marshal Von Krakenfart
Southpark - "The Snuke" S11 E4
What like this?????
"Stan heads over to Kyle's house to see what he's doing when Kyle explains to him he did a Google search for Hillary Clinton campaign rally and was led to YouTube account where a Russian man, Vladimir Stolfsky, has videos of every single Hillary Clinton rally. He then cross referenced his Youtube profile with his MySpace page and discovered, and according to his blog he's an old school communist. Kyle and Stan find a bunch of old Podcasts by Vladimir with links to eBay, where they plan to search his user name and see what he's been buying."
Friday 2nd December 2011 10:20 GMT Anonymous Coward
Gmail is not the problem...
Legally speaking it would be costly for Google to wiretap with GMAIL because if they were caught violating wiretapping laws massive class action lawsuits with literally millions of plaintiffs (victims) would pop up overnight and implode the companies stock killing them on Wall Street.
Also take their language on their website which is combed over by lawyers to make sure that it is truthful enough that if the company gets a writ to appear before the court they will be able to defend their language.
"Ad targeting in Gmail is fully automated, and no humans read your email in order to target advertisements or related information. This type of automated scanning is how many email services, not just Gmail, provide features like spam filtering and spell checking. Ads are selected for relevance and served by Google computers using the same contextual advertising technology that powers Google's AdSense program ."
Read this page, see the government actions reveal that most of the Law Enforcement requests that Google gets that are not relevant to criminal prosecution matters are denied...
Not to mention how insanely expensive it would be for Google or other tech companies to keep terabytes of data in their data centers on each gmail user (literally millions of them) and to needlessly make their own servers vunlerable to hacking by creating loopholes in their encryption procedures. This would be for little or no profit and no guaranteed benefits from the Government going forward...
Corporations do everything because they can either do something they already do cheaper or because something will result in massive revenue growth and therefore more profits for the taking. Their is not profit potential in this wiretapping thing becayse most of the data 99.9% is useless "noise" chatter content anyways...
Tin foil hats indeed as many posters have indicated. I used to respect Julian Assange before he started calling himself a "journalist". He should either go to prison and be a man about it or check himself into a mental asylum...
Friday 2nd December 2011 10:28 GMT Anonymous Coward
I guess if we're all being paranoid, then we can easily imagine that some super-smart programmer would write his or her spy application to only take photos while a number is being dialled on your phone, during the call or even just after the call.
Chances are they would get some shots of whatever terrorists you happen to be hanging around with at the time, rather than just random shots of the ceiling / inside of your pocket or handbag or whatever.
These phones do video too, some MI 6 could get real time video of your best mate picking his nose in a pub while you explain to your girl friend exactly why you're going to be late.
Friday 2nd December 2011 11:48 GMT Anonymous Coward
I'd like to quote a professional about this matter.
"Privacy is for paedos..." - Paul McMullan
You guys got something to admit to Paul McMullan?
Thankfully they have all this technology hacking me so I stay on the straight and narrow.
(Anon because Selena Gomez makes me want privacy)
Friday 2nd December 2011 11:51 GMT Anonymous Coward
I see what is either a lot of dellusional posters or a rabid bunch of sockpuppets in operation here. You all need to stop calling people tinfoil hat wearing kooks as well as using the word 'theory' constantly along with the word 'conspiracy' and thus dismissing things off-hand. Don't you find it strange how the two words have been associated in everyones feeble minds in order to assist in the coverup of actual conspiracies via social engineering methods and the meme of the tinfoil hat-wearer has been created in common geek folklore. Science is merely 'theory' which has been accepted by 'consensus'.
You are either being survielled right now or you will be fully survielled in the future, perhaps this would not be a problem were the system benevolent, but look around yourself just now and what do you see - authoratarianism, fascism and the police state. Grow up, wake up and read up. Library - Libre - Liberation (freedom).
Friday 2nd December 2011 11:51 GMT itzman
"Who here has an iPhone, who has a BlackBerry, who uses Gmail?"
Oh no sir not I sir...
I am beginning to realise that wireless and mobile technology is (as I always suspected) a way to do more of the things that are really bad for your health and peace of mind, like posting to Usenet, watching porn, having endless conversations with people you don't like enough to actually visit, or sit down at a proper phone to call, and now increasingly to give away all your names + passwords in clear text as you use the public wifi hotspot to goggle at your gmail, and, the last straw, now anyone can watch you doing it , listen to you doing it, and know where you are.
Gosh. But why would anyone want to? And surely in this world where a celeb earns more than a rocket scientist. isn't being exposed to the public gaze what you trendy I-People really want, deep down? Why else would you be flaunting the bloody things every where you go and talking in raised voices to invisible 'companions' . There used to be a word for that...
Come one admit it. You only BOUGHT the whole thing so you could get noticed, thats why your piks are on You tube and flickr, your mental dribblings are in twitter, and after all sooner or later, if there isn't an app for that, you wont be doing it.
In short, you have got exactly what you wanted. 15 microseconds of fame.
With luck some hacker will come up with the internet version of X factor, called Se(X)- factor and, if, after watching and listening to 5 minutes of your unbelievable tedious lives, they decide that you don't pass even the most basic Darwin test, a quick pirate APP will cause your phone to go into RF meltdown, sterilising you permanently and removing your useless DNA from the gene pool.
Failure to own a device will be an ineffective counter because with out an I-App, who knows where to find sex anyway these days?
Such a brutal form of 'Weakest Link' would be the ideal solution to a world overpopulated with people whose only skill is spending someone else's money and wandering the deserted malls of 20th century bygone civilisations, giggling and tweeting about how cool it all is...
Friday 2nd December 2011 13:21 GMT Anonymous Coward
This is only part of the problem..
I think Assange makes some strong points. Some people talk about proof and such; well, its no secret by now that gmail scans e-mail contents to make sure that the advertisement which comes with the 'free' service fits your persona as best as possible. Its a small step to start utilizing this data for something else.
But lets not pretend its solely Google, Apple and Blackberry. What about using RFID chips on stuff which you can buy in stores and such? That stuff can also be monitored (if its not destroyed first). Heck; here in the Netherlands people who have a modern passport or ID card basically carry around an RFID chip which contains their biometric data (fingerprints and personal data).
No, the heart of the matter is that as long as it makes their lives easier, either for real or on a promise, then most people are perfectly willing to cast aside any fears for nasty side-effects and basically don't care at all.
Friday 2nd December 2011 15:20 GMT Anonymous Coward
What's the problem with RFID in passports? A passport already has biometric information (your photograph) and that can be read by anyone who can see it. An RFID passport (and I actually thought it was NFC, but that's besides the point) is encrypted, so at least you've got to some lengths to get someone's fingerprints. If I wanted to get someone's fingerprints, I'd get a copy of those which they leave around everywhere, you know, by touching things.
Friday 2nd December 2011 18:10 GMT Anonymous Coward
Tin foil hat is a great term here...
In Julian Assanges fantasy delusion world Google/Apple/Msft etc..would be sacrificing their main profit sources - end users and advertisers/developers - to comply with some draconian Orwellian government surveillance program that would not result in any new profits and would only result in financial losses and a destroyed reputation on Wall Street. Any company enrolled in such a program would cause it market share to vaporize overnight, which is totally suicidal. Carrier IQ in this specific case has no future as a company and will probably go bankrupt because of this scandal. After the letter from Senator Franken basically interrogating the hell out of Carrier IQ there is not a single carrier or tech company that will want to do business with them.
Capitalism has that brilliant way of the market economically punishing such privacy violators by causing them to lose their corporate reputations and thus lose customers. If a big corporation like Goldman Sachs knew that their employees were discussing private confidential trade secrets over Blackberry/iPhone/Android phones that were wiretapped by telecom carriers they would launch a massive law suit with damages in the Billions of $'s against the telecoms or forbid their employees from using such devices and buy everyone a Windows 7 Phone to make sure that their communications are secure. The financial losses to telecoms and Android/iPhone vendors or tech companies in this case would be so extreme that it would be suicidal to do any type of wiretapping program on their smart phones or web services.
The question I have for Assange is:
Why would a tech corporation willingly commit economic suicide to be involved with such Orwellian Government programs?
We don't live in a socialist society after all...
Saturday 3rd December 2011 09:50 GMT NukEvil
The answer to your question to Assange:
But first, let's take a quick look at recent history. Say, around 2008-2009, somewhere around there. Remember when all those big American corporations and banks were about to go down the crapper? Companies such as GM and Chrysler, and banks such as Fannie Mae and Freddie Mac? Remember what happened to those corporations and banks? The American government deemed those corporations and banks "too big to fail", and ordered the general populace to participate in a massive bailout or two so those corporations and banks wouldn't go under.
By all accounts and rights, those corporations and banks should not exist today (or at least, not as we know them). Your "capitalism-initiated market punishment device" didn't work the way it was supposed to, because the government needed those corporations and banks to survive, and so intervened in the "market-driven natural order of things" and propped up banks that allowed un-payable loans, and gave economic CPR to corporations that paid their CEOs multi-million yearly bonuses. And the banks are still giving out bad loans and the corporations are still paying their CEOs massive bonuses and flinging their top executives around in private jets (or otherwise in first class). It doesn't matter that the banks and the corps have more or less paid back the loans the government issued to them. The problems that caused the issue to happen in the first place have been given a green light and condoned by the government that issued them those loans from that bailout.
Now think what will happen when a big, national telecorp is on the verge of imploding because their users/stockholders decide that they don't want to be monitored with the verbosity that the government wants. If that government deems that telecorp "too big to fail", you will start hearing the word "bailout" being thrown left and right (or at least a word that means the same thing as 'bailout', and questions of 'Is this really a bailout' being asked by the talking heads on your television). Market regulations and laws in general mean NOTHING to a government that sees its own mortality inching ever closer to its end. The national telecorp will be shielded from the wrath of its users as the government orders its civilian population--including said users--to pay the costs of running said telecorp. Neither the users nor the rest of the population will have a choice.
Wednesday 7th December 2011 13:37 GMT Anonymous Coward
You didn't answer the question...
Why would a tech corporation willingly commit economic suicide to be involved with such Orwellian Government programs?
You have to realize that most large Private Corporations distrust the Government and will not willy nilly "play along" with their schemes because totalitarianism is bad for business as history has proven. Corporations interest is limited to schemes that produce profits and the worst it can get is just finding a clever way to sell you more product or keep you as a customer. Government on the other hand has always had socialist intentions and usually seeks to control by military force. In many ways Private Corporations and the Capitalist system is the only real tangible buffer between a free society and outright fascism/socialism. This is why Assange is wrong, he assumes that large corporations are willing to sacrifice profits and their own private independence to go along with Government schemes which is untrue...
Saturday 3rd December 2011 02:27 GMT DanceMan
Just because you're paranoid............
doesn't mean they're not listening to you. Anyone who assumes that all your phone and email traffic is not being monitored for "terrorist" triggers is a fool. It won't be Google doing it, it will be gov't security agencies.
Thanks to modern technology, Big Brother is Watching You has come true at last. And remember, just like the radar traps, just like the "no photos" arrests, you're at the mercy of the plods. Just today an item in the Canadian news is the Canadian from Somalia whose false imprisonment and torture in the Mideast has finally been cleared up. Tell him about tinfoil hats and see what response you get. His is not as isolated case. There have been several Canadians subjected to offshore imprisonment and torture due to incompetent surveillance.
You can dislike Assange all you want. It doesn't mean there's not some truth in what that conference was about.
Saturday 3rd December 2011 09:50 GMT vpage
Please be alert and support open source tech which is really anonymous and effective. We have a group of associated people who have developed complete solution of these problems. See how hard the great IT & Tech giant try we can always tress pass them. So want to know email us at firstname.lastname@example.org. Even in India we have supported many organizations goal to be free from Government surveillance.
Saturday 3rd December 2011 09:51 GMT Proof
What the newspaper says - and after Murdoch's revelations we all know that newspapers are authorities in this field.
From today's Business Standard, India: http://business-standard.com/india/news/the-two-men-behind-india%60s-%60secret%60-surveillance-industry/457443/
And here's a video by Trevor Eckhart showing you how to detect OEM spyware "ClearIQ" on your phone. http://au.news.yahoo.com/technology/mobile-technology/article/-/12213799/android-app-that-spies-on-your-phone/
Saturday 3rd December 2011 17:33 GMT Dropper
Saturday 3rd December 2011 17:33 GMT foo_bar_baz
Two questions: can it be done, and is there a market for it. If you answer yes to both, you know it's being done.
Regarding OS bashing, the fact that the software was found so easily on Android goes to show that open is better. Much harder to see what is running on other more closed platforms. BTW, "dumb" phones aren't any safer. Just because it requires a more esoteric and less common environment to make software for them, does not mean they are less capable of this kind of applications. Oh, never mind esoteric, Java runs on "dumb" S40 phones: http://www.developer.nokia.com/Develop/Series_40/Platform/ though tbh I'm not familiar with what APIs it exposes.
Monday 5th December 2011 11:27 GMT David Swallow
If private data is being reaped from our mobile phones, how come it has never been put to good use?
For example, when someone goes missing, all the authorities seem to be able to do is determine when the last call or text was and give a very rough approximation of the person's location (based on the cell towers). Surely, if "they" had access to more detailed information, they'd be able to use it in such situations, even if the source of such information had to be obfuscated?
It's the same with privacy concerns over CCTV cameras "monitoring our every move". We've all seen how useless CCTV footage is most of the time and the struggle that the authorities often have to identify people who have been caught on camera. If the technology is so good, so penetrative, so intrusive, how come it has never been put to good use?
I'm not trying to justify any invasions of privacy, I'm just (perhaps naively) sceptical of how detailed the information really is.
Monday 5th December 2011 11:28 GMT Fading
Make some noise
I guess the only thing to do is to up the noise ratio by liberally seeding all communications with specifc key words and context packages. So on that note: bomb, president, drugs, guns, plot, explosive, great white satan, priminister, london, new york, Obama, Mohammed, Sinn fein, Taliban....
Monday 5th December 2011 13:11 GMT Anonymous Coward
Monday 5th December 2011 14:56 GMT Anonymous Coward
Wednesday 7th December 2011 13:17 GMT Anonymous Coward
STOP HATING ON GMAIL :-0
Quote from Google...
"Ad targeting in Gmail is fully automated, and no humans read your email in order to target advertisements or related information. This type of automated scanning is how many email services, not just Gmail, provide features like spam filtering and spell checking. Ads are selected for relevance and served by Google computers using the same contextual advertising technology that powers Google's AdSense program."
If you understood computers you would see that all different types of applications scan emails, such as spell checking and spam protection. We also find these in word processing applications, web browsers and other applications that scan written text to find errors in spelling or to detect other items.
The AdSense program does not report the full text string data set of your email back to the Google servers, it merely scans to see if "keyword" tokens are present and then builds a generic advert type and places a random advert in that category on the advertising bar. This whole process only reports the "type" of email in much the same way a spam filter would, but not the actual text in the email.
Also remember Google's email servers are encrypted and all data is also encrypted as well, so this happens within an environment that only the machines and the authenticated user can read. Assange is totally incorrect when he says that Google can read people's emails, they cannot because only the email user is authenticated to do the decryption the emails in the browser session or over iMAP protocols. This is why resetting a password is so difficult with Gmail, because the Google employees literally are totally "hands off" in restoring your access.
The other thing is that it is way too expensive in both server space, on performance and financially to double the amount of data the Google servers have to store if they don't have to. As we have seen with the Carrier IQ program it slows down the overall performance by seconds. Google would have to buy 2 or 3 times the amount of data storage and servers to store all of the "wiretapped" duplicate email messages in decrypted format. Performance would also slow down rendering many services unusable at peak times, something that would kill the product.
The last item is that you need a reality check. No blue chip tech corporation like Google would ever want to risk getting a "wiretapping" violation from the Federal Government. The sheer cost and consequences of such a legal situation would destroy Google's stock and probably implode their business. Class action lawsuits would drain Google's cash reserves, shareholders would sell and the Federal Government would probably be extremely heavy handed on Google because they hate Tech companies in Washington...
Assange is a nut who doesn't understand that Capitalist corporations only do really risky things if their is significant opportunity to profit and little overhead to do so, in this case full on surveillance of millions of people is absurd and a sure way to kill a companies stock price...
Wednesday 7th December 2011 13:22 GMT goldcd
If you're feeling paranoid.
Buy PAYG android, in cash, without providing details - ideally 2nd hand and without cameras watching.
Review source code for ROM of choice. Prune anything out you don't understand. Compile and hope it works.
Tor all your network traffic and tunnel to VPN on your secure server (in volcano).
Use VPN for all services - i.e. no SMS or voice through your provider.
Oh there's no end to how far paranoia can take you. Just get slightly wound up by people who are both aware enough to get worked up, but take no precautions.. I suspect we all just like conspiracy and are lazy.