Ton Siedsma, a lawyer for the Dutch civil liberties group Bits of Freedom, volunteered to have a week's worth of his phone's metadata collected and analyzed by researchers from Ghent University and by Mike Moolenaar.
The researchers' report shows how exhaustively a cursory metadata analysis reveals intimate details of Siedsma's sex life, family relations, interest, politics, religious affiliation, movements, social graph, and other deeply personal — and potentially compromising — matters. It's an excellent counterpoint to the dishonest political narrative from intelligence services around the world — especially the US, Canada and the UK — that says that spying on your metadata is somehow harmless.
Based on the metadata, security expert Mike Moolenaar concludes that Ton has 'a good information position within Bits of Freedom.' He appears to have a good idea of what is going on – an important fact when looking at this network from an intelligence perspective.
But that's not all. The analysts from the Belgian iMinds compared Ton's data with a file containing leaked passwords. In early November, Adobe (the company behind the Acrobat PDF reader, Photoshop and Flash Player) announced that a file containing 150 million user names and passwords had been hacked. While the passwords were encrypted, the password hints were not. The analysts could see that some users had the same password as Ton, and their password hints were known to be 'punk metal', 'astrolux' and 'another day in paradise'. 'This quickly led us to Ton Siedsma's favourite band, Strung Out, and the password "strungout",' the analysts write.
With this password, they were able to access Ton's Twitter, Google and Amazon accounts. The analysts provided a screenshot of the direct messages on Twitter which are normally protected, meaning that they could see with whom Ton communicated in confidence. They also showed a few settings of his Google account. And they could order items using Ton's Amazon account – something which they didn't actually do. The analysts simply wanted to show how easy it is to access highly sensitive data with just a little information.
What they and I have done for this article is child's play compared with what intelligence agencies could do. We focused primarily on metadata, which we analysed using common software. We refrained from undertaking additional investigation, with the exception of using the leaked dataset from Adobe.
How your innocent smartphone passes on almost your entire life to the secret service [Door Hans de Zwart/Bits of Freedom]
(via Sean Bonner)
