When law-enforcement depends on cyber-insecurity, we're all at risk


It's not enough to pass rules limiting use of "stingray" mobile-phone surveillance devices by civilians: for so long as cops depend on these devices, the vulnerabilities they exploit will not be fixed, leaving us all at risk.


USB Condom: charge your devices without allowing sneaky data-transfers


Those public USB charging points are tempting, but could be used to propagate all kinds of grotesque malware (imagine what happens when your phone's camera, mic, storage, keyboard and GPS start leaking your data to voyeurs and identity thieves) -- sure, you can always buy a charge-only cable, but these crowdfunded adapters turn any cable into a power-only source.


EFF guide to cell phone use for US protesters

It's a timely update to their 2011 edition, incorporating new Supreme Court precedents that give additional protection to protesters who face arrest while video-recording or otherwise documenting protests -- required reading in a world of #Ferguson.


Back doors in Apple's mobile platform for law enforcement, bosses, spies (possibly)

Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of iPhone and iPad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.


FTC sues Amazon over in-game purchases by children


Online retailer Amazon is accused of hooking millions of dollars from underage users making unauthorized in-app purchases. The Federal Trade Commission filed a lawsuit Thursday charging that the company willingly allowed kids to set up purchases without the consent of their parents.

Though most were for smaller amounts, some of the charges ranged as high as $99, and typically were for game weapons, clothes and other virtual bullshit installed on its Kindle Fire gadget.

"Amazon’s in-app system allowed children to incur unlimited charges on their parents’ accounts without permission," FTC Chairwoman Edith Ramirez wrote in a press release issued by the commission. "Even Amazon's own employees recognized the serious problem its process created. We are seeking refunds for affected parents and a court order to ensure that Amazon gets parents' consent for in-app purchases."

Amazon's in-app purchase system, established in 2011 to help the firm catch up with competitors Apple and Google, was relatively rudimentary and lacked locks or passwords to prevent unauthorized users from racking up huge bills. Within a month, internal emails show that Amazon was aware of "problems" that were "clearly causing problems for a large percentage of our customers," according to the FTC's lawsuit.

Amazon only added passwords months later, and did not apply them to purchases of less than $20 for a year. Even then, according to the suit, Amazon did not disclose that doing so once would enable further purchases for more than an hour.

The FTC settled a similar lawsuit with Apple earlier this year, when the company agreed to institute stricter policies and paid $32.5m in restitution. Amazon, informed of the pending lawsuit, said that it had no plans to change its system as Apple had, and would fight the action.

"We have continuously improved our experience since launch, but even at launch, when customers told us their kids had made purchases they didn't want we refunded those purchases," Amazon's associate general counsel wrote in a response to the commission.

Part of the FTC's suit, however, alleges that the refund process itself is intentionally obscure and "rife with deterrents including statements that consumers cannot, in fact, get a refund for in-app charges."

Games aimed at youngsters are at the heart of the controversy, as they are typically free to download and play, only to bombard the user with enticements to pay for the virtual bullshit. The enticements are often cleverly designed to "blur the lines between what costs virtual currency and what costs real money," writes the FTC, using visually similar icons and other psychological manipulations to generate unfair and unexpected charges.

Earlier this week, UK regulators ordered Electronic Arts to stop marketing its sleazy mobile game Dungeon Keeper as free-to-play after gamers complained that it was effectively unplayable without in-game paid upgrades.

UK cinemas ban Google Glass from screenings


UK cinema exhibitors -- which already make a practice of recklessly confiscating mobile phones full of sensitive, unprotected data during preview screenings -- have announced that they will not allow Google Glass wearers into cinemas, lest they commit an act of piracy (Glass has a 45 minute battery life when in recording mode).


Blackphone: a privacy-conscious phone that actually works


The Blackphone is a secure mobile phone whose operating system is based on Android, designed to minimize the amount of data you leak as you move through the world through a combination of encryption and systems design that takes your privacy as its first priority.


Publishers offer free/discounted ebooks of the print books you own with Bitlit


Bitlit works with publishers to get you free or discounted access to digital copies of books you own in print: you use the free app (Android/iOS) to take a picture of the book's copyright page with your name printed in ink, and the publisher unlocks a free or discounted ebook version. None of the Big Five publishers participate as yet, but indies like O'Reilly, Berrett-Koehler, Red Wheel Weiser, Other Press, Greystone, Coach House, Triumph, Angry Robot, Chicago Review, Dundurn, and PM Press (publishers of my book The Great Big Beautiful Tomorrow) are all in.

(Image: Bookshelf, David Orban, CC-BY)

US inches towards decriminalizing phone unlocking


America's legal prohibition on phone unlocking has inched almost imperceptibly closer to reform, as a watered-down House bill approaches some kind of Senate compromise that might, in a couple of years, decriminalize changing the configuration of a pocket-computer that you own.


Elegant, cheap, simple folded cardboard mount turns your phone into an Oculus Rift


Revealed at the Google IO conference, Cardboard is a scored, flat-pack box that you fold into a set of cardboard goggles that hold your phone; an accompanying software package uses your phone's screen and accelerometer to create stereo-optical VR images in the manner of the Oculus Rift. It's a delightfully simple and elegant concept, and Google has published plans for making your own. You need cardboard, a set of cheap lenses, a magnet, velcro and a rubber band.


SF city attorney demands shutdown of parking-space-auctioning app

Monkeyparking, the app that lets assholes auction off their parking spots, has been sent a cease-and-desist letter by San Francisco City Attorney Dennis Herrera, who says the practice of selling your public parking spot is illegal. Monkeyparking's competitors are expected to receive the same treatment soon.


Researchers publish secret details of cops' phone-surveillance malware


Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, iOS, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and iOS.

The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.

Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.

The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken iPhones.


California's cell-phone kill switch is a solution that's worse than the problem


As the California legislature moves to mandate "kill switches" that will allow owners of stolen phones to shut them down, the Electronic Frontier Foundation sounds an important alarm: if it's possible for someone to remotely switch off your phone such that you can't switch it back on again, even if you're physically in possession of it, that facility could be abused in lots of ways. This is a classic War on General Purpose Computation moment: the only way to make a kill-switch work is to design phones that treat their possessors as less trustworthy than a remote party sending instructions over the Internet, and as soon as the device that knows all your secrets and watches and listens to your most private moments is designed to do things that the person holding it can't override, the results won't be pretty.

There are other models for mitigating the harm from stolen phones. For example, the Cyanogen remote wipe asks the first user of the phone to initialize a password. When it is online, the device checks in with a service to see whether anyone using that password has signed an "erase yourself" command. When that happens, the phone deletes all the user-data. A thief can still wipe and sell the phone, but the user's data is safe.

Obviously, this isn't the same thing as stolen phones going dead and never working again, and won't have the same impact on theft. But the alternative is a system that allows any bad guy who can impersonate, bribe or order a cop to activate the kill-switch to do all kinds of terrible things to you, from deactivating the phones of people recording police misconduct to stalking or stealing the identities of mobile phone owners, with near-undetectable and unstoppable stealth.


FabLab: a free game that creates 3D printable toys

Makies, the 3D printed toy and game company, has launched FabLab, its inaugural game! FabLab is a free game for people eight and up, through which you create and customize a character and its accessories, which you can also get as real-world, one-off, custom-fabbed objects. MakieLab, the company that created FabLab, was founded by my wife Alice Taylor, and so I've had an inside view into the process by which the game and its back-end -- which includes a remarkable toolchain for turning 3D game-objects into printable items -- came into being. The Makies here in London are fantastic, and they've done brilliantly with the game, if I do say so myself. Please give the game a try -- and tell your friends!

Makies FabLab! Out Now! | Makie.me

After federal document-snatch, ACLU case over Florida cops' phone surveillance collapses

After US marshals raided a Florida police department to seize documents about to be revealed in an ACLU case over "stingray" mobile phone surveillance, we knew that the case was endangered. Now the worst has happened: state circuit court judge Charles Williams has thrown out the case because he says his court has no jurisdiction over federal agents, so he can't order the critical documents to be returned, so there's no case.

The feds have offered a limited, sealed disclosure to the Florida court, and the ACLU has vowed to fight to unseal them and carry on with the case.

At issue is the widespread police use of "stingray" devices that spoof mobile phones, tricking them into revealing information about their owners' movements, communications, associations, and identity.
