privacy

Latest

  • Anti-Aliased: I've got nothing to hide

    by Seraphina Brennan
    01.21.2010

    So, it's late night on Wednesday night, I just got done watching Top Gear, and I need something to write about. Lucky for me that Blizzard has given me the perfect topic -- MMO privacy. Thanks to a new development in their World of Warcraft Armory program, privacy advocates are up in arms and I've got a topic to discuss. For all those of you who may be late to the game, Blizzard is adding RSS feeds to the Armory. Basically, the Armory will now report on the exact time you do an "Armory worthy" activity, such as boss kills, achievements, item pickups, and more. People can subscribe to your RSS feed, so then they know exactly when you do something in World of Warcraft. This has, of course, sent privacy advocates into a tailspin of anger. There's no opt-out button for the Armory, so your playing style in World of Warcraft is going to be exposed whether you like it or not. The topic has even spawned a 59+ page thread on the European forums! So what's my take on it? Well, I'm glad you asked. Here at Anti-Aliased, I've got nothing to hide.

  • 3G GSM encryption cracked in less than two hours

    by Richard Lai
    01.15.2010

    Looks like all that GSM code-cracking is progressing faster than we thought. Soon after the discovery of the 64-bit A5/1 GSM encryption flaw last month, the geniuses at Israel's Weizmann Institute of Science went ahead and cracked the KASUMI system -- a 128-bit A5/3 algorithm implemented across 3G networks -- in less than two hours. If you must know, the method applied is dubbed a 'related-key sandwich attack': multiple values with known differentials are processed through the first seven rounds of KASUMI, then the resulting quartets identified as sharing key differences are used to obtain subkey material in round eight and build up the 128-bit key. Sure, it's hardly snooping-on-the-go at this speed, but worryingly this was only an 'unoptimized implementation... on a single PC.' At the same time, the paper condemns the presumably red-faced GSM Association for moving from MISTY -- a more computationally-expensive but much stronger predecessor algorithm -- to KASUMI. Guess we'll just have to stick with Skype.

  • GSM call encryption code cracked, published for the whole world to see

    by Vlad Savov
    12.29.2009

    Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year-old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force -- they fed enough random strings of numbers in to effectively guess the password. The GSM Association -- which has had a 128-bit A5/3 key available since 2007, but found little takeup from operators -- has responded by having a whinge about Mr. Nohl's intentions and stating that operators could just modify the existing code to re-secure their networks. Right, only a modified 64-bit code is just as vulnerable to cracking as the one that just got cracked. It's important to note that simply having the code is not in itself enough to eavesdrop on a call, as the cracker would be faced with just a vast stream of digital communications -- but Karsten comes back to reassure us that intercepting software is already available in customizable open source varieties. So don't be like Tiger, keep your truly private conversations off the airwaves, at least for a while.

  • E-reader privacy policies compared: Big Kindle is watching you

    by Nilay Patel
    12.27.2009

    It's definitely shaping up to be the year of e-book readers: the Amazon Kindle is flying off (virtual) shelves, and we'd expect the Barnes & Noble Nook to start moving at a decent clip once the kinks get worked out. But any device with an always-on 3G connection to a central server raises some privacy questions, especially when it can broadcast granular, specific data about what you're reading -- data that's subject to a wide spectrum of privacy laws and regulations when it comes to real books and libraries, but much less so in the digital realm. We'd say it's going to take a while for all the privacy implications of e-books to be dealt with by formal policy, but in the meantime the best solution is to be informed -- which is where this handy chart from our friends at the Electronic Frontier Foundation comes in. As you'd expect, the more reading you do online, the more you can be tracked -- and Google Books, the Kindle, and the Nook all log a ton of data that can be shared with law enforcement and various other third parties if required. Of course, we doubt the cops are too interested in your Twilight reading habits, but honestly, we'd rather users weren't tracked at all. Check the full chart and more at the read link. [Thanks, Tom]

  • Border security guards kill -- literally kill -- a MacBook (update: video!)

    by Vlad Savov
    12.16.2009

    Young American woman travels over to Jerusalem to meet some friends, see the sights, live the life. Overzealous border security officers ask her a bunch of questions, take issue with her answers, and a few well-placed bullets later she is allowed entry into the country with a somewhat altered MacBook in tow. So what can we all learn from this incident? Firstly, back up all the data you consider important; B, Israeli policemen don't mess about; and 3, distressed laptops look gorgeous no matter how they got there -- just look at the way the glass trackpad has wrinkled up from the force of the bullet penetrating near it, it's a borderline work of art. The young lady in question has been promised compensation, but lest you think this is a one-off you can see pictures of an equally dead Dell at the Flickr link below. We've got a couple more close-ups of the ravaged MacBook after the break. [Thanks, Itai N.] Update - We've tracked down a video interview with Lily herself, which shows off a few more angles of the former MacBook and current article of modern art -- check it after the break. P.S. - As always, we encourage a discussion. A sensitive, intellectual, worldly discussion. If you can't infer what it is we're asking of our dear readers tempted to intone on this matter, then please skip commenting on this thread, mkay?

  • Sprint handed customer GPS data to law enforcement over 8 million times last year

    by Joseph L. Flatley
    12.02.2009

    Privacy advocates and career criminals alike are in a lather over reports that between September 2008 and October 2009, Sprint Nextel ponied up customer location data to various law enforcement agencies more than 8 million times. Speaking at ISS World 2009 (a conference for law enforcement and telecom industry-types responsible for "lawful interception, electronic investigations and network Intelligence gathering"), Sprint Nextel's very own Paul Taylor, Manager of Electronic Surveillance, lamented the sheer volume of requests the company's received in the past year for precise GPS data for Sprint customers. How did the company meet such high demand? Apparently, his team built a special "web interface" which "has just really caught on fire with law enforcement." We're glad that Sprint's plans to streamline the customer service experience don't stop short of those who serve and protect, but as the EFF points out, plenty of nagging questions remain, including: How many individual customers have been affected? Is Sprint demanding search warrants? How secure is this web interface? Check out an excerpt from Taylor's speech after the break.

  • UK T-Mobile customer data sold to cold callers, responsible staff to be prosecuted

    by Vlad Savov
    11.17.2009

    Let's be honest, who here is actually surprised that underpaid and overworked data workers would sell on our details for a few extra quid? Given the number of uninvited calls to our unlisted phone numbers, we know for a fact that somebody has been dishing our personal contacts to those Nigerian princes and caring loan consolidators, so it's no shock to learn that T-Mobile employees have been fingered for committing the deed and are now facing prosecution. We're told that inappropriately leaked information made its way into the hands of brokers, who then "cold-called the customers as their contracts were due to expire" without T-Mob's knowledge. Disappointed by the failure of current fines to discourage such illegal information trade, British Justice Minister Michael Wills has even called for "custodial sentences" to be levied against the poor slobs responsible. So, if you're scoring at home, that's now two black eyes for T-Mobile when it comes to keeping our data safe. For shame.

  • Google Voice voicemails appearing in public search results

    by Nilay Patel
    10.19.2009

    We're not exactly sure what's going on here, but it certainly seems like at least some Google Voice voicemails are being indexed and made publicly available somehow. If you punch in "site:https://www.google.com/voice/fm/*" as a search string you get a few pages of what appear to be test messages, with a couple eye-opening obvious non-tests scattered in there as well. Dates on these messages range from a couple months ago all the way until yesterday, so this is clearly an ongoing issue -- hopefully Google patches this up awful fast. P.S. - Google Voice transcription accuracy really falls off a cliff when it's listening to muffled audio, doesn't it? Update: Google says it's changed how shared messages are indexed and made available to public searches, so we're hoping this was just a one-time thing. [Via Boy Genius Report]

  • EVE Online's volunteer program compromised

    by James Egan
    09.23.2009

    CCP Games, makers of EVE Online, announced that they've discovered wrongdoing on the part of an individual or individuals within [correction: in relation to] their volunteer program, and are investigating the matter. The Volunteer Manager for EVE Online, CCP Ginger, explained the situation earlier today: "Last weekend external resources related to the Interstellar Services Department (ISD), EVE's volunteer program, were compromised which led to the theft of some volunteer program related data but also information about specific volunteers. As a result, we are being extra careful here, as this first and foremost pertains to the volunteer program and has no effect on our EVE Online operations or any customer data whatsoever." CCP Ginger stressed that information stolen came from "areas operated outside of CCP's infrastructure and is therefore not related to anyone's EVE player account data. Player billing information, personal information, and character/game information all remain completely secure and unaffected, as well as CCP corporate pathways and e-mail, Tranquility, databases, etc."

  • Roman Abramovich's Eclipse has anti-photo 'laser shield'

    by Vlad Savov
    09.22.2009

    If you ask a young boy to spec out his ideal boat, you might hear of helipads, swimming pools, missile-proof hulls, mini-submarines and laser shields. Well, Russian billionaire Roman Abramovich is one of those people with the time and money to listen to his inner child, and he's gone and put all of the above together inside a $1.2 billion 557-foot vessel of luxury and excess. The Eclipse will attempt to repel paparazzi with a laser system that is said to "detect CCDs" (we suspect they mean it detects the autofocus light), and responds with an intense beam of light that precludes unwanted photography. We don't know how well the automatic system will work, but it must be fun to manually point the lasers at the paps and go "pew pew!" [Via Fark]

  • Winwatch wants RFID tags in your next wristwatch -- what could possibly go wrong?

    by Darren Murph
    09.04.2009

    Looking to simultaneously trick your employees into thinking you love them and keep better tabs on their whereabouts? If so, you should definitely look into handing out Winwatch-approved timepieces as "performance incentives," which should be sporting an oh-so-telling RFID tag in the near future. The Switzerland-based outfit has just announced plans to patent an RFID-enabled crystal gasket that would be placed in luxury wristwatches, and while they're pushing it as a way for companies to weed out counterfeit products, we're sure the privacy advocates in attendance can think of far darker applications. Samples are slated to start shipping out later this autumn, which means your window to snag a non-voyeuristic watch is hastily closing. [Via ABlogToRead]

  • Pre phones home with your location, which explains the black helicopters all around you

    by Chris Ziegler
    08.12.2009

    Wondering why you keep getting followed by shadowy figures in trenchcoats and fake moustaches? Worried that those snipers on the rooftops always seem to know exactly where you are? We think we know what's going on: it's the Pre in your pocket. Turns out that Palm has code tucked away in webOS that's uploading your location periodically -- once a day or so -- along with a list of applications you've used and how long they've been open. Here's our take on the situation: One of the very first screens you see when you power on the Pre for the first time is a disclaimer asking you to allow Google to collect, aggregate, and anonymize your location data in order to improve the performance of location-based services. Furthermore -- and this is important -- "collection will occur regardless of whether any applications are active." We don't know whether Palm acts as a conduit for that data to get to Google, but we'd be surprised if Palm had built services to pipe location data straight to Google within webOS itself; in all likelihood, Palm's getting the data first, which is why it's being uploaded there. Bear in mind that you're seeing this warning outside the context of any Google app on the Pre -- it's right in the operating system. Palm has its own terms and conditions that you agree to above and beyond Google's, too, and they flat-out say they "may collect, store, access, disclose, transmit, process, and otherwise use your location data." There you have it. App usage is a pretty benign stat -- equate it to TiVo anonymizing and selling your viewing habits, except even less interesting, because we have no evidence to suggest Palm's trying to sell this. 
    We can totally understand why Palm would want insight into app popularity, and when you think about it, this could actually lead to some pretty clever ranking systems in the App Catalog; the iPhone has starkly demonstrated that download volume doesn't equate to replay value, and Palm might be able to do something about that. Oh, and seriously, you need to cut it out with the Jon & Kate Plus 8. When an app crashes, Palm gets some more in-depth information about the crash, most notably a list of installed apps. You know what else collects and sends a crapload of information when an app crashes? Mac OS. Windows, too. If they really wanted to go into CYA mode, they could ask before sending the way those desktop OSes do, but we're not sweating bullets here -- we just want stability, and this kind of data helps them get there. Bottom line: we're all carrying phones that can identify who we are and where we are -- and they have the wireless means to ferry that data wherever their makers wish. And let's not forget that your Palm Profile lives out there in the cloud anyhow, right? [Via PreCentral] Update: Palm has issued a statement on the situation, basically confirming what we suspected -- it's collecting information to offer "a great user experience," which we take to mean that it's trying to squash bugs and keep location-centric apps functional, among other things. They've also mentioned that it's possible to turn data collecting services off without going into details -- ostensibly they're referring to the checkbox at setup (see above) that lets you stop sending aggregated location results to Google.

  • England puts CCTVs in the homes of lousy parents

    by Joseph L. Flatley
    08.04.2009

    We love England, especially the way they use all these adorable names for things: "lorry," for truck, or "loo" for bathroom, or "sin bin" for an Orwellian program whereby "problem families" (currently numbering 2,000, but someday as many as 20,000) are placed under 24/7 CCTV surveillance in their own homes. Chris Grayling, something called the "Shadow Home Secretary," puts it thusly: "This Government has been in power for more than a decade during which time anti-social behavior, family breakdown and problems like alcohol abuse and truancy have just got worse and worse." Meaning, of course, that cameras must be moved from the streets of England into people's homes, where they'll be used to make sure that kids go to school, go to bed at a decent hour, and eat proper meals. If only they'd had programs like this when we were kids -- maybe things would have turned out differently.

  • SmartSwipe helps you max out your Diners Club card without leaving the house

    by Darren Murph
    07.14.2009

    Check it, big spenders. If you just can't get enough of that swipe-to-buy action seen prominently at most modern fuel pumps and McDonald's restaurants, why not bring the action back to your home turf? Available now in the wondrous United States of America, NetSecure's $99.95 SmartSwipe is a USB-enabled device that literally allows you to swipe your credit card in order to make online purchases. Reportedly, this device "scrambles and encrypts the user's credit card data before it reaches the user's computer or internet," thus making online shopping safe once and for all. If you're still confused, hop on past the break for a dead-serious infomercial. Trust us, it's a must-watch.

  • DSS surveillance tech from Japan makes George Orwell upset

    by Vlad Savov
    07.05.2009

    We take a break from reporting on the impending doom of the human race to bring you news of the latest innovation designed specifically for making our pre-apocalypse lives miserable. Japanese firm DSS is now offering to snap video cameras and ankle sensors -- yes, the same kind that convicts under home arrest have to wear -- onto your employees for the ultimate in workplace surveillance. Sure, you might find out Bob in accounting takes a really long lunch, but do you really need to spend $20,000 and piss off your entire workforce to prove that? Just stalk his Tweets and Facebook status updates like a good old-fashioned employer would do.

  • WoW Rookie: Keeping your account safe and sound

    by Lisa Poisso
    05.06.2009

    New around here? WoW Rookie points WoW's newest players to the resources they need to get acclimated. Send us a note to suggest a WoW Rookie topic. It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure. You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.

  • Video: UK Home Secretary delays 1984 by a few years

    by Joseph L. Flatley
    04.27.2009

    The UK Home Secretary (whatever that is) has put the kibosh on plans for a giant government database that would track all of the country's emails, phone calls and internet activity. But not so fast, civil libertarians! According to the Telegraph, the onus will merely shift to the private sector -- with telecoms and Internet providers being required to retain the data, at a cost of around £2 billion (over $2.9 billion US). According to the plan, every Internet user will be given a unique ID code that the government can use to access the data in the event of a threat -- whether terrorist, criminal, or extraterrestrial. It just goes to show you how lucky Britons are to have a government that cares so much about their well being. Video after the break.

  • Gaze tracking system keeps an eye on CCTV operators as they keep an eye on you

    by Joseph L. Flatley
    04.14.2009

    In his analysis of control systems, William S. Burroughs once noted that as they become larger, so do the opportunities for evasion increase. Sure, you can have CCTV cameras at (nearly) every intersection in your sleepy village, but someone has to watch all those things. What do you do when the sheer number of displays becomes too much for our poor Big Brother? Researchers at the Gebze Institute of Technology in Turkey have developed a gaze tracking system that trains cameras on the irises of the CCTV operator -- noting which video sequences he or she views on the shift, and producing a summary of video sequences they've overlooked. If that weren't enough, the system uses an algorithm that discards frames with no people or moving vehicles in them, leaving only a few key frames for each scene of interest. According to New Scientist, this all runs on a standard PC and processes and catalogs images in real time. Now, if only there were a system that let us watch Two And A Half Men and Becker at the same time -- that would be sweet.

  • Angry British villagers block Google Street View car, incident captured on CCTV

    by Thomas Ricker
    04.03.2009

    Look, we understand demands for privacy. We just find it ironic that citizens of Broughton (pronunciation: bak-wərd), a small village in a nation where CCTV cameras look, evaluate behavior, and sometimes speak at virtually every intersection, would block a Google Street View car on grounds of invasion of privacy. Seems to us that they've given up on that right a long, long time ago. Though the police were called, the villagers eventually let Google's contractor pass peacefully -- presumably after assurances were given that cameras cannot, in fact, steal your soul.

  • Computerworld on Blizzard's Warden at work

    by Mike Schramm
    03.09.2009

    We've covered the topic of Warden in the past, and you've probably already got an opinion on what it does to your computer system. Blizzard runs the Warden program alongside your WoW client, and while it runs it examines what else is running on your system -- if there are any third party programs (either hacks or cheat programs) interfering with the client, it lets Blizzard know, and shuts down the client. The obvious privacy concern here, of course, is that Warden is basically watching what you do outside of the game. And while Blizzard has maintained that the program is simply meant to check for hacks and cheats (they also say that no personally identifiable information is sent back to them, though IPs and other network information definitely are), there's always a chance that Warden could see you doing something you don't want it to. Computerworld's Security section has a nice long article on all of the implications of Warden, especially in one of the more sensitive areas of security: the workplace. While most of us probably won't ever play World of Warcraft at work, there are certainly companies where installing and playing the game at certain times is appropriate. And it's probably in those situations where Warden could be its most dangerous. If you trust Blizzard with your information, then you'll have nothing to worry about. But if you don't know what Warden is sending back, there's always a chance that it could be something more sensitive than you'd like. Of course, there is a hard and fast solution to this: don't play World of Warcraft on computers that have anything you wouldn't want shared with Blizzard or anyone else. As Computerworld concludes, it's a choice-and-consequences kind of thing. Warden is up and running every time you play WoW, for better or worse -- if you don't want it watching what you're doing, the only guaranteed way out is to not play World of Warcraft.