These billion dollar surveillance phones and app companies....
... are the retail arm of the NSA. They don't need to spy on the population in person - you are paying for a device to do it for them!
We’re leaking location data everywhere, and it's time to fix it by design. An example: if you go on safari in Africa, you'll be asked to turn off your smartphone's location tracking capabilities. The reason is that most people have no idea that every photo they take with their phone embeds location data in the exchangeable …
>... are the retail arm of the NSA.
It is interesting to reread the thoughts of Edward Snowden on security:
Either Ed wasn't privy to all that the NSA were up to, or they (the NSA) weren't into the collection of this type of metadata.
I get the feeling that we will see more of these accidental/unintentional leaks of metadata that permit inference about a person and their activities that they didn't intend to make public.
"Can’t someone simply wander through those images, stalking you via a breadcrumb trail of EXIF location data? Of course they can."
Wait, what!? You mean they don't strip the shit out? I had *assumed* they stripped that shit out, and it wasn't available unless you explicitly clicked the "add my location" button. Silly me.
Are you SURE my location can be simply pulled out of all my images??
"Yes, and now some CAMERAS (as in dedicated devices) come with GPS antennae."
As long as you are aware, and know what steps you need to take to address it, this isn't a problem - that certainly applies to me, and I would think you and most El Reg readers.
The real problem is everyone else - and not just knowing that the location data can be used as described, but actually giving enough of a shit to want something done about it.
My Samsung happy snapper from 2010 does GPS tagging of photos. I purchased it specifically for that capability.
i/Photos on the Mac will/can strip those GPS tags out when exporting to third party apps etc. I think it asks you, certainly the first time, and is something I would do if I uploaded to third parties.
Not sure about how the iPhone deals with sending messages via emails or iMessages though, will need to check, but it's not mass uploading to the public internet.
The only way around this I can see is *explicit* sharing.
That is: only share my photos with individual people I have authorised. Only share my Whatsapp presence info with known contacts I have explicitly allowed this for.
This needs to be enforced both at the server layer, and at the data layer (e.g. each piece of data is GPG-encrypted with the public keys of the people who can see it)
This doesn't have to be NSA-proof, only Google and Ad-man proof.
I think that authorizations are a good start. Only share with known users, and only to limited numbers of them.
Main concern with large-scale providers will remain that they can start data-mining at any time without our knowledge or explicit consent for that purpose. Even claims about stripping of exif-data are not necessarily meaningful (what if they store them separately with a pic-ID).
Strong encryption of stored data with keys residing at the user could help, but how are the service-providers going to make any money?
Ah you spoof your location. That's that then. eh?
What do you think the absolute angels who made the software that does this for you are doing? That's right, logging and flogging whatever they can, to whomever they can.
It's this type of thinking that leads people to think VPN = absolute anonymity.
For once, Facebook is NOT a privacy problem here.
Facebook itself could do such EXIF analysis, but when Facebook publishes images it seems to strip all EXIF data (in the days I still had an FB account I was experimenting with tags using the excellent exiftool, hence me discovering this).
There's one problem with the way they strip ALL of it: they also wipe the "copyright" tag which is effectively interfering with a copyright notice. That is illegal under US law, but the challenge is proving intent so don't expect any class action lawsuits soon.
The fact Facebook strips EXIF is irrelevant, since people trawling for EXIF will look on dedicated photo sites like Instagram and Flickr. Facebook would be less than ideal for trawling because the majority of people (i.e. the vast majority of women, and some men) have their privacy locked down so their photos can only be seen by their friends, and can't be seen by the world at large (or Google's search engine)
Few people seem to lock down their photos on photo sharing sites, even when they post a lot of pictures of their kids.
Facebook would be less than ideal for trawling because the majority of people (i.e. the vast majority of women, and some men) have their privacy locked down so their photos can only be seen by their friends, and can't be seen by the world at large (or Google's search engine)
Let's amend that to "allegedly" shall we. For all we know (and they wouldn't tell anyone anyway) they harvest the EXIF before posting to your page and then sell it. We already know they sell a pile of user data to various companies without letting you know to whom it's sold.
The bigger the company, the less transparent they become.
Of course what they do with that location data before they strip it is anyone's guess.
And OSes that leak this data.
Google's business is knowing your business.
Whenever Google does something (like Android) the only question is "How does this increase the amount of information that Google can collect about most people who use it?"
The answer is "Quite a lot."
Which is why all sorts of surprising bits of Android won't work if you have background location services turned off. Or at least that used to be the case, back when I had an Android phone. It was clear that Google want to track your location so they can sell you location related ads, but also so they can do real-time traffic status for sat-nav and keep building their database of all the WiFi hotspots on the planet for aGPS.
Heaven knows what else they do with that stuff - and of course because Google write the OS (and their Play Services is increasingly a giant digital-blob) you've no idea whether it's even possible to fully turn this stuff off anymore.
"[...] you've no idea whether it's even possible to fully turn this stuff off anymore."
Off the top of my head and without any further research on the matter I'll just assume that no, you can't fully turn this stuff off; at least not without a jailbreak.
If you remove Play Services, doesn't that make it impossible to perform updates? Trading one problem for another...
I'd say that's a bonus. No more upgrades for the sake of upgrading, adding spyware, more ads and such.
"Which is why all sorts of surprising bits of Android won't work if you have background location services turned off."
Could you give an example of something that doesn't work? Because I've had Android phones pretty much since the start, and the only thing I've ever found that didn't work without location services is satnav, which is fair enough really. No doubt some third party apps might play up if you try to restrict them, but I'm not aware of any part of Android or the basic Google apps that come with it that will even complain, let alone fail to work, if you turn off location services.
As for whether it's really possible to turn things off, there's a clear difference in battery life when you turn things like GPS and wifi on and off, so it's certainly doing something. Wifi, bluetooth and NFC should be easy to test since they broadcast, and I'm not aware of anyone having found them operating when they're not supposed to (and given the fuss places like aeroplanes make about electronics, it wouldn't really be worth the risk of getting caught). GPS, being passive, would obviously be harder to catch out.
It were years ago that I used Android, so I may be remembering wrong (or things may have changed). But as I recall, Google maps wouldn't work if you'd disabled background location services. So Google maps itself had satellite access, but they weren't allowing you to use it, because you weren't letting them spy on you first.
Obviously if everyone did it, there'd have been nobody updating their aGPS list of WiFi hotspots for them, which I guess is the reason they went for that setting.
As for turning off WiFi, you can. And I assume Google do allow you to turn off stuff. But you may not notice a battery life drop for short uses of the GPS system. Apple certainly had their WiFi location list working in the background on about iOS5 - because it was making a list of WiFi network names and GPS locations + timestamps - and storing it in clear on the phone's storage to be regularly uploaded to Apple's servers when it was on a WiFi network. I assume Google's works similarly - unless they're even less polite and use your cellular data.
Indeed it's damn close to real time. We did a road trip and whenever the wife used her phone for navigation info, etc. she got ads for specifically the places we were. Were they relevant? Nope.. hardware stores, department stores, etc. but very little on what she was looking for. She shrugged and said "oh well".. I was rather pissed about the whole sorry thing pulled. Then again, I have a dumb old Nokia for a cell phone so I don't get ads.
"This is a problem of design, or rather, a lack of design thinking with respect to the security and privacy of the individual."
The real problem here isn't the design. That's simply meeting the requirement. The problem is the individual users who choose to make public so many details of their lives and the requirement is to fulfil that choice. Or maybe the problem is the vendors who sell them on the idea.
Separate out the permissions to view photo from read geotag from image. Any app that lacks the applicable permission gets a modified version of the jpg where the EXIF tag for it has been nulled out. Full permission apps can see the regular file contents. That way your photos app still shows where the picture was taken and the backup app still backs up the full geotag, but some little time wasting app can't without being notable in the permissions requested.
Yep, came here to say this. They just need to update the security model and strip the EXIF info if the app doesn't have permission for it. Obviously that last bit is easier said than done when you get to the nitty gritty detail, but I'm pretty sure Apple/Google can figure it out.
Provide an API for photos and block apps from being able to directly read the contents of the photos directory. Or create a FUSE-like virtual file system that makes the app think it is getting file level access, but it is actually getting files that have been massaged to blank EXIF data.
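The filtering step proposed in the comments above (an app without geotag permission receives a copy of the JPEG with the location nulled out), sketched as an added example that is not part of the original thread or any vendor's code. The function names and the sample file are constructed for illustration, and the sketch covers only the EXIF GPS sub-IFD in the APP1 segment, not location copies that may sit in XMP or maker notes.

```python
import struct

GPS_IFD_POINTER = 0x8825   # IFD0 tag whose value is the offset of the GPS sub-IFD
# Size in bytes of one value of each TIFF field type (BYTE, ASCII, SHORT, LONG, RATIONAL, ...)
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}

def _zero(buf, start, length):
    """Overwrite buf[start:start+length] with zeros, refusing out-of-range offsets."""
    if start < 0 or start + length > len(buf):
        raise ValueError("EXIF offset points outside the segment")
    buf[start:start + length] = bytes(length)

def scrub_gps(tiff):
    """Erase the GPS sub-IFD of a TIFF/EXIF block (bytearray) in place; True if one was found."""
    bo = {b"II": "<", b"MM": ">"}.get(bytes(tiff[:2]))
    if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("not a TIFF header")
    ifd0 = struct.unpack_from(bo + "I", tiff, 4)[0]
    count = struct.unpack_from(bo + "H", tiff, ifd0)[0]
    end = ifd0 + 2 + 12 * count + 4            # first byte after IFD0 and its next-IFD link
    if end > len(tiff):
        raise ValueError("IFD0 runs past the segment")
    for i in range(count):
        pos = ifd0 + 2 + 12 * i
        tag, _, _, gps = struct.unpack_from(bo + "HHII", tiff, pos)
        if tag != GPS_IFD_POINTER:
            continue
        n = struct.unpack_from(bo + "H", tiff, gps)[0]
        for j in range(n):                     # wipe values stored outside the 12-byte entry
            _, typ, cnt, off = struct.unpack_from(bo + "HHII", tiff, gps + 2 + 12 * j)
            size = TYPE_SIZE.get(typ, 1) * cnt
            if size > 4:
                _zero(tiff, off, size)
        _zero(tiff, gps, 2 + 12 * n + 4)       # wipe the GPS directory itself
        # Drop the pointer entry: slide the rest of IFD0 up by one entry and pad with zeros,
        # so every other absolute offset in the block stays valid.
        tiff[pos:end - 12] = tiff[pos + 12:end]
        _zero(tiff, end - 12, 12)
        struct.pack_into(bo + "H", tiff, ifd0, count - 1)
        return True
    return False

def jpeg_without_gps(jpeg):
    """Return a same-length copy of `jpeg` whose EXIF APP1 segment carries no GPS data."""
    out = bytearray(jpeg)
    if out[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(out) and out[pos] == 0xFF:
        marker = out[pos + 1]
        if marker in (0xD9, 0xDA):             # EOI or start of scan: metadata is over
            break
        length = struct.unpack_from(">H", out, pos + 2)[0]
        seg_end = pos + 2 + length
        if marker == 0xE1 and out[pos + 4:pos + 10] == b"Exif\x00\x00":
            tiff = out[pos + 10:seg_end]       # slicing a bytearray yields a copy
            scrub_gps(tiff)
            out[pos + 10:seg_end] = tiff
        pos = seg_end
    return bytes(out)

def build_sample():
    """Constructed input: SOI + EXIF APP1 (Make tag and a GPS latitude) + EOI, not a real photo."""
    lat = struct.pack("<6I", 2, 1, 20, 1, 0, 1)                  # 2 deg 20' 0" as rationals
    ifd0 = struct.pack("<H", 2)
    ifd0 += struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")      # Make, stored inline
    ifd0 += struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 38)      # GPS sub-IFD at offset 38
    ifd0 += struct.pack("<I", 0)
    gps = struct.pack("<H", 2)
    gps += struct.pack("<HHI4s", 1, 2, 2, b"S\x00\x00\x00")      # GPSLatitudeRef
    gps += struct.pack("<HHII", 2, 5, 3, 68)                     # GPSLatitude, data at offset 68
    gps += struct.pack("<I", 0)
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps + lat
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Because the file length and every remaining offset are unchanged, the filtered copy could be served from a virtual file layer of the kind suggested above without rewriting the rest of the image.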
Photos may not be in the Photos directory, or they can go the long way 'round, and magic numbers can be munged; there are plenty of other tricks. Look, if you REALLY don't want your location known no matter what, get a GPS jammer. Device can't geolocate you without a lock.
The better solution would be to encrypt the private info as it's added to the EXIF. Anyone wanting it could send you the encrypted data, you feed it into your device/photo management app and it can then send them the photo with the correct unencrypted EXIF data.
Separate out the permissions to view photo from read geotag from image. Any app that lacks the applicable permission gets a modified version of the jpg where the EXIF tag for it has been nulled out.
The problem I can see happening almost immediately is that someone else will want other information blocked, and others want to insert data. It seems there is scope for some sort of an EXIF filter API, but for one problem: Google probably wants that data too so they're not going to make it that easy to control it.
I'm pretty sure most of the EXIF data on my photos are from a location called "Created with GIMP".
I use my phone to take snaps, but I store them offline in my own private location and edit them on a computer before publishing a select few of them because I'm old fashioned like that.
No instant gratification selfies of my breakfast here.
"how to use WhatsApp to track the waking and sleeping patterns of almost anyone, anywhere"
Except me because I don't now nor will I ever have WhatsApp installed on any device. Nor do I use Facebook or any of these other services to post my photos online. Privacy and security is simple, just don't sell your soul to the likes of Zuck.
iMessage was doing it before WhatsApp, and while I'm not up on all the latest messaging apps I find it difficult to believe none of the rest are doing end to end encryption. Isn't Signal a terrorist favorite because of this, among other things?
Don't you wonder why Facebook paid all that money for WhatsApp and hasn't put any ads on it? I guess you think they are providing it out of charity, and aren't collecting your personal information just like they do with Facebook users? Maybe the ads created especially for you from your personal information simply show up on Facebook, while browsing, etc. instead of on WhatsApp.
I do have a Facebook account for family stuff, on a throwaway email address. But they've been able to link me to friends because my friends and family have my real email address on their phones - and anyone who uses a Facebook app on their phones has "given FB permission" to hoover up their address book and do data analysis on it. And they've been able to correctly correlate my real email address from friends/family I've voluntarily linked myself with to ones that aren't mutual friends with any of them, but have my real email address on their phone.
The only way to protect yourself from that level of sinister data collection online would be to have a throwaway email address for every separate friend/family member, or at least friendship group. Even if I didn't have an FB account they'd still have access to photos of me taken by friends/family, the locations those were taken at and my email address.
*Facebook and Google having privacy policies is a bit like Charles Manson having not-murdering policies...
I use Facebook but it has never slurped my address book, thanks to iOS having permissions to prevent it. I know Google finally added the same a couple years ago - after the horse had left the barn since if you ran Facebook on your Android before that it's too late for whoever was in it back then!
Not that their inability to get MY address book really mattered, as every few months I get a banner asking "is <my mobile number> your mobile number?" claiming they want me to add it to help reset my password or whatever. It also regularly shows this one guy I worked with in a gig five years ago as "people you may know" even though we have zero friends in common and live a thousand miles away from each other. How does Facebook know my mobile number and that I know this guy? Because it has slurped many OTHER people's address books, which included my phone number! At least they're nice about it and don't just add my phone number against my will, even though they've probably seen it in a few dozen address books so they can be pretty damn sure it's me!
Yes, both Facebook and LinkedIn have been rather fanatically abusing that gaping hole in privacy legislation: they are not allowed to grab it from you without permission, but there are no barriers to extracting your data from your friends, nor is there a duty to notify you that they gathered this data.
That said, I just came across a stunt Google has been pulling for years which I must write them a letter about. Could get very interesting.
Even if you try to anonymize yourself, they can probably glean enough information to DE-anonymize you in spite of throwaway e-mail addresses and so on. Combine this with information already available to the general public via governments as well as necessarily-given information from ISPs and secrecy on (and perhaps even OFF) the Internet has probably sailed away long ago.
It's the only Messaging System out there with end to end encryption
LOL. You must be new to secure messaging. Some alternatives WITHOUT snooping your address book:
I have all four installed (you can't tell a client to change their favourite, although we refuse to use WhatsApp - they usually then go for Telegram). There are a couple more esoteric ones out there too like CryptoCat but they're harder to verify. We mainly use iMessage to start up remote Mac sessions.
and it contains ZERO ads
Oh dear. If you get something for free, it simply means you're paying with something else, although I must note that Telegram is a bit of a special case re. operating capital. There's nothing more wonderful than a billionaire happily funding your outfit just to piss someone off :).
"If I were running a safari and was concerned about poachers, I'd fit GPS jammer into all my vehicles. That way, even if a camera has built-in GPS or a poacher insider fitted a secret GPS logger in the vehicle, I'm still covered."
You're worried mainly about poachers as keyboard warriors, not poachers as super-spies, I guess.
To find it, you have to search for "location", but it can be turned off in <settings>. Then it is not supposed to detect or record it. You can just use Google or GPS only. On the other hand, the cell towers know when you are near them.
Do not ever use FACEBUTT or you will have no privacy.
I think many people would be quite keen to have an alternative to iOS (nice, but far too expensive for the majority of people) and Android (Google spyware), but Windows Phone clearly wasn't the alternative that anyone was looking for at all.
Unfortunately, while at least Windows Phones were available for purchase in the shops (and hence were at least reasonably visible), the same can't be said for Sailfish OS or Ubuntu Phone or Firefox OS (or even Web OS): you had to be reasonably nerdy to even know that they existed and also willing to take the risk of purchasing from obscure websites. If they had at least even been available via Amazon (and had got some publicity/advertising), they might have got a few curiosity sales.
However, while I do wish that any or all of these would have developed some sort of market niche, they were all, unfortunately, too little, too late. They needed to have an at least reasonably mature OS (and at least some decent app support) by the end of 2012 (the point at which the petrol-fuelled Symbian conflagration was too far gone for anything to be saveable), otherwise iOS and Android were just too far ahead by then for anyone else to really be able to catch up.
Was this ever offered for sale?
I remember seeing various incarnations demonstrated by Canonical either in-person or reviews by various tech publications, but I don't remember ever seeing an announcement that the phone was available to buy...
That would imply that 'low price' + 'privacy' was a large enough market segment for someone to make money filling it. Obviously 'low price' will always be a winning market segment, but no one makes any money selling low priced phones (except Google - and that's because of the hidden cost of your privacy) There's a reason why the two companies who sell substantially all the high end smartphones are the only ones to consistently make money selling smartphones.
Unfortunately not very many people care about privacy. Apple markets on it, but not all that much. If it was important to a lot of people, they'd be doing a modern spin on the Mac vs PC ads but with iPhone vs Android that talked about how Google is selling you out. Not nearly enough people care about that for such an ad to make sense, most people would simply be puzzled by it. So instead we get iPhone ads showing off the camera, despite how little difference further improvement in the camera makes for most people (who like me, could take shitty pictures with a $50,000 DSLR)
I wonder if anyone will think about taking pictures of some elephants with large tusks and then falsifying the location data before posting them? Then, the poachers might go to a welcoming reception hosted by heavily armed rangers. It's a thought, I'm not suggesting that this should be done by anyone.
Besides, the poachers tend to be heavily armed, too. Seeing an ambush coming may convince them into a pitched battle since they have nothing to lose and much to gain by taking out the anti-poachers (fewer to bug them later). Some of these hunters are even equipped to take on helicopters.
No, just a simple realization they won't be getting out alive unless they win. That's how desperate the rangers are at this point. The poachers have already demonstrated a no-holds-barred attitude to their activities. I wouldn't put it past them to fake a surrender only to slip a suicide bomber amongst the rangers.
People younger than 40 don't care; in fact people younger than 30 actively welcome the constant and intrusive sharing. Mind you, they'll all have severe depression and mental illness by 50: humans just aren't wired up to be that open with so many other people all the time. See also: old prostitutes (both men and women).
Except, that's not the case.
I'll admit, I was of a similar opinion, that the only people who locked down FB etc were those who had a close relationship with some hoary old IT bod. However, when I went looking for supporting evidence, it turned out to be not the case.
Apparently, not only do today's youth get the concept of privacy, it is in fact a multilayered, multi faceted part of their on-line existence.
I recall one former work colleague's surprise when he found out that his teenage son had about a dozen FB accounts - all active for very different connections.
Data the individual generates, data that is the individual, is the property of the individual, that is a basic right that cannot be signed away in agreements.
To have those that rule over us recognize and enforce such rights is the trick. Pretty difficult in an age when "our" governments are busy selling us, our future, our Nations and our economies to local and international Elites.
"Data the individual generates, data that is the individual, is the property of the individual, that is a basic right that cannot be signed away in agreements."
Not so fast. Data that is generated with the assistance of others can belong to the other. That's why stuff made on company time and company property belongs to the company (thus in a dispute between a developer and a publisher, the publisher trumps).
I never post original photos to the web - they are always downsized, cropped, and stripped of EXIF data. Why post a multi megabyte image when a downsized one that fits most screens will do? And if there is ever any question of ownership of the image, only I have the high resolution, uncropped versions.
So what. If you were to location track my phone you would have found out the "TOP SECRET" information that my girlfriend and I went out for dinner last night.
However, you could have easily found out the same information because: I used my credit card, we are known to the waitstaff, her older children greeted us when we returned to her house.
If I were to be doing something that required it I would take measures including no smart phones. But for my normal life I really don't care.
Companies, whether app vendors, cloud service providers, OS makers, or device manufacturers will never put constant ongoing attention into user privacy and security until they have a strong incentive to do so. The situation in the USA is particularly bad, but AFAIK it isn't that much better anywhere else.
Short of legislation that gives end users clear rights to monetary damages without the need to demonstrate financial harm, companies will continue to sacrifice privacy and security for other goals where they have clear incentives. I promise you, the moment that companies are exposed to risk of damages at a scale that threatens the profitability of their enterprise, we'll see an abrupt change in attitudes.
The problem, of course, is how to write such legislation that gives clarity to both companies and end-users what privacy and security is expected. Privacy actually seems a little easier to tackle to me, but certainly isn't easy in any absolute sense.
And you may start seeing unintended consequences, such as possible "walling" of business within and without the EU as companies consider the price for participation. For many businesses, that level of control may not be worth a billion potential customers when there are many billion more out there.
...doesn't all that apply only if you have the GPS location service of the camera/phone permitted to be ON in the first place?
Simply disabling that (which surely is an option on most devices?) seems a more acceptable solution than skipping whole apps (which is often difficult because of the "all or nothing" permissions model). Also, good for the battery.
Or can location via GSM tower position (which can of course never be avoided or blocked) also land in the EXIF data?
I live in Tanzania. I have been on lots of safaris. Phone and wifi coverage generally poor, and rare for interesting animals/sightings to be where they were the day before - even so we always check. A better technique to get this info would be to listen to open radio conversations between game vehicle drivers, and requires much less skill and technology.
Are you sure they're open and not using encrypted channels? Wouldn't be able to tell from the radios themselves since they'd have the keys in them. Can't rely on the signals themselves since they could be used on the roll with nothing in sight. At least with a GPS trail, one can locate tracks and follow them onward instead of roving blind and risk getting picked out by the rangers, especially if they're using helicopters.
(I have read there are similar folders in iPhones.)
The "recent_tasks" folder contains just that, every single task you do on your device with timestamps.
The "recent_images" folder contains actual images (internal screenshots) of the tasks as they go to background and can contain sensitive data.
One of which was of my last contact from a call I had made complete with phone number.
2 Android phones I tested contained a folder called DROPBOX which contained error logs.
(Dropbox was not installed on these devices as a user app.)
Be advised that the "recent_images" folder is not present in ALL devices but was present in 3 of 4 different manufacturers I've seen.
Every manufacturer's settings for photos should include a mandatory meta-data tag with the creator's choice of encrypted password set on the device creating the image whether meta-data is available to viewers of the image regardless of the viewing technology. So it should be by conscious CHOICE that any meta-data is shareable or not, with 'not' being the default, hardcoded as an industry standard, so it cannot be accessed unless the creator has tagged it as shareable. It must, if necessary be supported by legislation with harsh penalties for non-compliance. This 'choice' tag MUST be carried over by any copy technology so that if the meta-data share flag is missing the default is non-shareable. If the creator is doing the copy then they know the password and can again make the choice on sharing for the copy.
Biting the hand that feeds IT © 1998–2019