Submit a link Features Reviews Podcasts Video Forums More ▾

NSA harvests 200M of SMSes every day with untargeted, global "Dishfire" program

The latest Snowden leak details DISHFIRE, a joint NSA/GCHQ program to slurp up hundreds of millions of SMS messages from global mobile phone users. Included in the program are text messages to and from Americans, though these are apparently subsequently purged. The UK spy agency GCHQ also makes extensive use of the database. Text messages are stored for long terms, so that spies can do historic lookups on people they target. The DISHFIRE database allows for full-text search.

Vodaphone expressed shock and outrage at the news that its customers' private messages were being harvested without a warrant or due process, characterising the program as outside the law.

Read the rest

Blackphone: a privacy-oriented, high-end, unlocked phone

http://vimeo.com/84167384

Blackphone is a secure, privacy-oriented mobile phone company co-founded by PGP inventor Phil Zimmerman. It integrates a lot of the privacy functionality of Zimmerman's Silent Circle, which makes Android-based privacy tools (secure calls, messaging, storage and proxies). Blackphone also runs Android, with a skin that switches on all the security stuff by default. The company is based in Switzerland, whose government privacy rules are better than most. The phone itself is a high-end, unlocked GSM handset. No info on pricing yet, but pre-orders open in late February. I'm interested in whether the sourcecode for the Blackphone stack will be free, open, auditable and transparent. If it is, I will certainly order one of these for myself and report here on its performance.

Read the rest

Facial recognition mobile app


A new mobile app called "Nametag" adds facial recognition to phone photos; take a pic of someone and feed it to the app and the app will search Facebook, Twitter, sex offender registries and (if you'd like) dating sites to try and put a name to the face. Kevin Alan Tussy, speaking for Facialnetwork (who make Nametag) promises that this won't be a privacy problem, because "it's about connecting people that want to be connected."

Read the rest

Capturing images of bystanders by zooming in on pictures of corneas


In Identifiable Images of Bystanders Extracted from Corneal Reflections, British psychology researchers Rob Jenkins and Christie Kerr show that recognizable images of the faces of unpictured bystanders can be captured from modern, high-resolution photography by zooming in on subjects' eyes to see the reflections in their corneas. The researchers asked experimental subjects to identify faces captured from these zoomed-in images and found that they were able to do so with a high degree of reliability.

The researchers used 39 megapixel cameras, substantially higher-rez than most people's phone-cameras, but low-cost cameras are making enormous leaps in resolution every day. What's more, the researchers suggest that the determining factor for identifying a face isn't resolution; it's having a viewer who is already familiar with the subject. It's an interesting wrinkle on the problem of information-leakage, and implies that future privacy-filters will have to scrub photos of reflective surfaces (especially eyes) of identifying faces before they're posted.

Read the rest

Why does privacy matter?

Adam writes, "I am crowdsourcing individual testimonials about the importance and value of privacy on GitHub. Contributions are welcome and needed." Cory 13

HOWTO delete your smartphone's fine-grained log of everywhere you've been

If you have an Android or Ios smartphone, it defaults to storing the history of all the places you go, at a very fine resolution, for a very long time, and mirrors that data on remote servers from which it might be leaked or subpoenaed. Lifehacker has a great tutorial on deleting your Location History and turning off future logging of your location. They cover both Ios and Android. I just did my devices, and it was very easy.

Read the rest

EFF's holiday wishlist

The Electronic Frontier Foundation has posted its annual holiday wishlist of policy initiatives, business practices, and action by individuals. It's a kind of beautiful dream, and I long for the day that we attain it. And remember: everyone falls short of their ideals, but these are the best ideals to fall short of. I've included some of the wishes after the jump, but go read the full list.

Read the rest

UN adopts resolution in favor of digital privacy


The UN General Assembly has unanimously adopted a resolution called "The right to privacy in the digital age," introduced by Germany and Brazil. The resolution sets the stage for the adoption of broader privacy protection in UN treaties and resolution. The Electronic Frontier Foundation has written a set of (excellent) "People's Principles" (sign on here) for future work on digital privacy in the world.

Read the rest

GNU Privacy Guard crowdfunding for new infrastructure

GNU Privacy Guard (GPG) is the free/open version of Pretty Good Privacy (PGP), the gold standard in secure email and other kinds of eavesdropping-proof, authenticated, private storage and communication. The GPG project relies on donations and voluntary subscriptions to keep up-to-date and support new platforms. They're running a crowdfunding campaign that's shooting for €24,000, which they'll spend on rolling out an all-new site (with Tor access!), as well as GPG 2.1, tutorials, subscription management, material for people throwing Cryptoparties (security-training events) and many other laudable goals. I rely on GPG every day, so I've put in €100. I hope you'll give, too.

Read the rest

NSA's bulk phone data collection ruled unconstitutional, 'almost Orwellian,' by federal judge


Judge Richard Leon (dcd.uscourts.gov)

In the nation's capital today, a federal judge has ruled that the National Security Agency's program of bulk phone record collection violates the reasonable expectation of privacy guaranteed to Americans by the Constitution. The judge ordered the federal government to stop gathering call data on two plaintiffs, and to destroy all previously-collected records of their call histories.

The ruling by Judge Richard Leon (PDF Link), a US district judge in the District of Columbia, is stayed pending a likely appeal--which may take months. In his 68-page memorandum, Leon wrote that the NSA's vast collection of Americans' phone metadata constitutes an unreasonable search or seizure under the Fourth Amendment.

"Father of the Constitution" James Madison would be “aghast” at the NSA's actions if he were alive today, wrote Leon.

Read the rest

Google yanks vital Android privacy feature

Well, that didn't take long: shortly after Google added a new Android feature that let you deny apps access to your sensitive personal data, they have revoked it. This is frankly terrible, and the Electronic Frontier Foundation's Peter Eckersley has some very pointed commentary, recommendations for Android customers, and advice for Google:

Read the rest

Android gives you the ability to deny your sensitive data to apps

Android privacy just got a lot better. The 4.3 version of Google's mobile operating system now has hooks that allow you to override the permissions requested by the apps you install. So if you download a flashlight app that wants to harvest your location and phone ID, you can install it, and then use an app like AppOps Launcher to tell Android to withhold the information.

Peter Ecklersley, a staff technologist at the Electronic Frontier Foundation, has written up a good explanation of how this works, and he attributes the decision to competitive pressure from Ios, which allows users to deny location data to apps, even if they "require" it during the installation process.

I think that's right, but not the whole story: Android has also always labored under competitive pressure from its free/open forks, like Cyanogenmod.

Read the rest

30,000 more signatures needed, then Obama will have to take a position on warrantless access to email and texts

Holmes from Fight for the Future writes, "Think local police in America should be able to read your emails and texts without a warrant? No? Well right now they can. Want to fix that? Then please sign this 'We the People' petition asking Obama for a response. It's at 70,000 signatures and it needs 100,000 by tomorrow for a response. It's tantalizingly close. Once the petition hits 100,000 signatures, Obama must take a position, and movement in Congress becomes much more likely."

Life from the near future of location surveillance


In Meet Jack. Or, What The Government Could Do With All That Location Data, the ACLU's Jay Stanley presents a slide deck from the near future in which a government intelligence service presents a glowing account of how it convicted "Jack R Benjamin" of DUI pre-crime, by watching all the places he went, all the people he interacted with, and using an algorithm to predict that he would commit a DUI, and, on that basis, to peer into every corner of his personal life.

The use of the slide deck is inspired here, echoing as it does the Snowden leaks (Snowden had been tasked with consolidating training documents from across the NSA, which is why he had access to such a wide variety of documents, and why they're all in powerpoint form). And the kind of data-mining here is not only plausible, it's likely -- it's hard to imagine cops not availing themselves of this capability.

Read the rest

Peak indifference to surveillance


In my latest Guardian column, I suggest that we have reached "peak indifference to spying," the turning point at which the number of people alarmed by surveillance will only grow. It's not the end of surveillance, it's not even the beginning of the end of surveillance, but it's the beginning of the beginning of the end of surveillance.

Read the rest