Tracking Down a Cell Phone Thief
Zone-MR writes "Last Saturday, MoDaCo (the world's largest smartphone community) held a get-together for their forum members. Unfortunately the positive community spirit was soured by an individual who decided to steal one of the charity raffle prizes - a C550 mobile phone. Check out the story of how we tracked the thief down, got the phone back, and secured the thief's place in the interweb's hall-of-shame."
Was Slashdot just slashdotted?
Who the hell says interweb?
sp!
I hope slashdot doesn't track me down.
That has to be the dumbest thing ever. Stealing something guaranteed to broadcast its presence. And from within a tech convention?
Go Away! Not for Sale
That is kick-ass. Congrats on getting the phone back. More power to the interweb !!!
-- "It's not stalking if you're married!" My Wife.
http://zone-mr.net/?act=entry&id=36
Last Saturday, MoDaCo (the world's largest smartphone community) held a get-together for their forum members. Unfortunately the positive community spirit was soured by an individual who decided to steal one of the charity raffle prizes - a C550 mobile phone.
On Monday, Paul O'Brien (MoDaCo founder) contacted me with information on the stolen phone's IMEI number. I operate the SPV-Developers community which offers the free online SPV-Services unlock tool for this type of phone. It seemed likely that the thief would attempt to remove the SIMLock using this service in order to switch the phone to a non-UK network - bypassing the UK's IMEI blacklist which renders stolen phones useless.
Initially it seemed like there was little I could do to help. The SPV-Services server was not programmed to log the IMEI numbers of its users. It seemed like a dead end, until I remembered something. When a user unlocks their phone, our server keeps a backup of the phone's first flash block (kept for a few days, in case the changes need to be reversed). This block contains 64kB of RSA-encrypted data such as the phone's SIMLock state, Carrier ID, and other concealed information - it seemed likely the IMEI would be buried within it. Shortly my suspicion was confirmed - after decrypting the block, the IMEI can be found inside (albeit scrambled with a simple transposition).
I started writing a short script - which would check each backup in turn to see if it originated from the stolen phone. After 30 minutes of writing, testing, and running the script - we had a match! The stolen phone had been unlocked. The creation timestamp on the backup file gave us an exact time - August 21, 2005, 10:18:32 PM.
The next step was cross-referencing this information with our web server logs. When a user uses our software to unlock their phone the software uploads the encrypted block to our server, which sends back a list of modifications which need to be made in order to remove the SIMLock. As we knew the exact time when this happened, we could find the corresponding web server entry:
2005-08-21 22:18:32 POST /services/simlock_2.php - 82.163.137.156
Bingo! I passed this IP address back to Paul who cross-referenced it with Modaco's database. From this, he was able to identify the guilty member. A quick lookup confirmed that the IP was used by the account "Cocky" - a member which had attended the get-together. The event registrations contained the name of our thief, and his mobile number. The next day, Cocky (AKA Krassen P.) received a short phone call:
Paul: Hi, this is Paul from MoDaCo.
Cocky: Er, Hi.
Paul: You have something of mine, and I want it back.
Not surprisingly, Paul could hear the faint sound of the guy crapping himself at the other end of the line. The phone was returned, via special delivery, the following day. Moral of the story - even if you're enough of a cunt to steal from a charity raffle, don't be fucktarded enough to steal a phone from a community of phone experts.
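The two steps described in the story above (find the backup that holds the stolen phone's IMEI, then match its creation time against the web server log), as an added example that is not the SPV-Services script. It assumes the blocks are already decrypted and that the transposition is an adjacent-digit swap, which the story does not specify; every IMEI, file name, address and log line below is constructed.

```python
from datetime import datetime, timedelta

UPLOAD_PATH = "/services/simlock_2.php"  # endpoint named in the quoted log entry


def scramble(imei):
    """ASSUMED transposition: swap each adjacent digit pair (self-inverse).
    The story only says 'a simple transposition', not which one."""
    digits = list(imei)
    for i in range(0, len(digits) - 1, 2):
        digits[i], digits[i + 1] = digits[i + 1], digits[i]
    return "".join(digits)


def find_backups(backups, target_imei):
    """Return (name, created) for every decrypted block containing the IMEI."""
    needle = scramble(target_imei).encode("ascii")
    return [(name, created)
            for name, (block, created) in sorted(backups.items())
            if needle in block]


def parse_line(line):
    """Parse 'date time method uri-stem uri-query client-ip'; None if malformed."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 6:
        return None
    try:
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return {"time": when, "method": parts[2], "path": parts[3], "ip": parts[5]}


def attribute(log_text, created, window=timedelta(seconds=2)):
    """Collect upload requests within `window` of the backup's creation time.

    The verdict is 'unique' only if all candidates share one address; two
    clients uploading in the same window make the attribution ambiguous.
    """
    ips = set()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if (entry and entry["method"] == "POST" and entry["path"] == UPLOAD_PATH
                and abs(entry["time"] - created) <= window):
            ips.add(entry["ip"])
    verdict = "none" if not ips else "unique" if len(ips) == 1 else "ambiguous"
    return {"verdict": verdict, "ips": sorted(ips)}


def investigate(backups, log_text, target_imei):
    """Run both steps: locate matching backups, then attribute each one."""
    return [(name, attribute(log_text, created))
            for name, created in find_backups(backups, target_imei)]


# ---- constructed sample data (documentation-range addresses) ----
TARGET_IMEI = "490154203237518"
OTHER_IMEI = "356938035643809"


def make_block(imei):
    """Constructed stand-in for a decrypted flash block."""
    return b"\x00" * 32 + scramble(imei).encode("ascii") + b"\xff" * 32


SAMPLE_BACKUPS = {
    "backup_0001.bin": (make_block(OTHER_IMEI), datetime(2005, 8, 21, 21, 40, 10)),
    "backup_0002.bin": (make_block(TARGET_IMEI), datetime(2005, 8, 21, 22, 18, 32)),
}

SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip
2005-08-21 21:40:09 POST /services/simlock_2.php - 192.0.2.44
2005-08-21 21:40:10 POST /services/simlock_2.php - 203.0.113.9
2005-08-21 22:18:30 GET /services/index.php - 192.0.2.44
2005-08-21 22:18:32 POST /services/simlock_2.php - 198.51.100.7
truncated line
"""

if __name__ == "__main__":
    for name, result in investigate(SAMPLE_BACKUPS, SAMPLE_LOG, TARGET_IMEI):
        print(name, result)
```

The second constructed backup shows the failure mode: two uploads land inside the same window, so the timestamp alone cannot single out one address.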
...and a little luck.
While some good detective work was done by the MoDaCo admin(s?), a lot of thanks can be given to chance, because the culprit was stupid enough to unlock his phone a) from a source well known to MoDaCo and b) from the same IP address. I'm calling it 25% good sleuthing, 75% dumb criminal.
Error 503 Error 500
Track the guy who is stealing your bandwidth. Or else track the guy who buys your bandwidth.
In soviet russia, telephone finds YOU!
It's great to read a story where the bad guy gets what he deserves. There was a little luck involved with this. If the thief would have used a wifi hotspot, or a proxy, or any other box other than his home, he could have hidden his tracks when he unlocked the phone.
time is a perception of a being's consciousness
time is your 6th sense, the weird ones are 7+
was it just my ISP or did slashdot just go down?
shanegrant.com
oh the reasons you couldn't steal.. It is worth a laugh.
http://www.longislandpress.com/bb/viewtopic.php?p=2037&
Hm, maybe the thief should have picked the COPS! This web exposure is a lot, lot worse than what some donut-feasting cops would bother to do.
503 - Service unavailable. Come back some other time.
"...even if you're enough of a cunt to steal from a charity raffle,..."
uhm... and why is it geeks don't get laid?
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
Haha!
To paraphrase "The comic book guy"
Worst. Thief. Ever!
Seriously though, after going through all that effort to track the guy down, they should have sent his contact info to the local police department.
The last time I saw "interweb" was on one of those 4Chan-esque sites. Odd. This is related to the story, however, because the thief is as smart as a 4Channer.
to somewhere by an old dry lake bed, where they are guarded by a warden with a chip on her shoulder, who is in search of old, stolen booty, and makes you dig a 5' hole every day.
Don't steal. The government hates competition.
its clear that it can't run OSX86.
...if it weren't for those lousy kids.
Fucking hilarious.
Good thing this was in the UK... seems like decrypting the info to retrieve the IMEI information would violate the DMCA here in the states.
--Brandon / Split Infinity Music
Here is the turd making a comment on the thread regarding the event and the missing phone.
http://www.modaco.com/Event_pictures_and_a_plea_-t225214-s15.html
What an idiot.
Howard forums are MUCH larger than modaco, re: smartphones. See for yourself.
http://smartphone.modaco.com/index.php
has:
414 user(s) active in the past 30 minutes
379 guests, 35 members 0 anonymous members
while
http://howardforums.com/
has:
Currently Active Users: 3410 (1128 members and 2282 guests)
This 7+ minute wait between replies is excessive. I'll contact my councilwoman... when she gets back from her vacation.
I went to the campus police and filed a report. They said they'll get their detective to work on it later that day. I thought it was just a waste of time at first but then I slowly realized how stupid it is to steal a cell phone. Any call from that phone can be traced by the phone company. And sure enough that evening the police called me and told me to come pick up my cell phone. They called this idiot and told him that he better return it, to make it easier on him. He claimed that he didn't steal it but bought it from someone for $30. Yeah right! Anyway he returned it and I got my phone back.
Later the police gave me a copy of the sheet he signed when he returned the stolen item and the sheet has this guy's home address, date of birth and social security. I checked his court records and he has like 10 convictions on his record for theft, drug charges and some smaller things. I thought of posting his info out on the web, for people to have some fun with, but that would be a little too evil for me.
"...don't be fucktarded enough to steal a phone from a community of phone experts..."
HERE'S YOUR SIGN
And they also just got some fantastic geek publicity on /. for both their community and the conference.
So what was your point again?
Yes, it is. And it's so heartwarming to see that you think it's a total waste of time.
Pfft.
Aww man. Someone needs to mod this up. It's the only thing that made me laugh all night.
zosxavius photography
I think you are thinking of docomo.
"The new wave is not value-added; it's garbage-subtracted" - Esther Dyson, Dec 1994
Yeah, damn non-american-scum. Now go back watching Fox, you frustrated wanker.
Thats its DoCaMo, not whatever the editor put?
erm, are you sure personal information was in that block? from the FA it sounds like that block only contains stuff about the phone, which is encrypted to deter hacking around with it.
That's like freaking out over someone having a copy of the first block of your hard drive, cos they might have your personal information. But it's just bootloader and maybe a partition table
Ya'll, ah ain't nevah hurdah no such thang as tha'ch'all talkin' bout... thet thar internet.
Did you even bother to read the article?
The only "personal info" they found was the IMEI (serial number) of the phone that was unlocked, and the IP address that the request was generated from. Neither of which is "personal", BTW (the phone was stolen, and the IP address belongs to his ISP).
They just matched that IP address against people who post in their usergroup forum and tracked the guy down.
So the only "personal info" they used was the phone's serial number and the IP address the server logged the request coming from. So I fail to see the point of your rant.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Shouldn't you be in the hall-of-shame for using a dorky word like "interweb"?
You are an insane Slashstalker, Anonymous Coward. You couldn't score any points in your stupid argument in the other thread, now keep your wanking to yourself in these other threads. Damn, American self-confidence and achievement must really drive you out of your skull, for you to keep frothing like this.
--
make install -not war
And the other people, who haven't stolen anything, now have the same expectation of anonymity: none. Of course, if they pay attention, they shouldn't have that expectation of privacy; they're trusting the server too much. But of course most people using mobile phones, even smartphones, even unlocking websites, aren't quite sophisticated enough to see how their privacy is exposed by such a simple operation. Like you, for example.
--
make install -not war
They used that encrypted block to find the person. That's personal, and the other people have now had their links exposed, without any justification.
--
make install -not war
FTA: after decrypting the block, the IMEI can be found inside
Couldn't they just give that to the cell provider and have it tracked that way?
I really don't understand your point of view on this, I don't see how you go from decrypting data about a phone to everyone's privacy being broken. If it was someone's personal property, it'd be the phone manufacturer's personal secret data. Like how was everyone's links exposed?
That is a somewhat silly argument.
/for the stolen serial #/ to another form of contact !!
Yes, this person got tracked down, but he stole a phone from a charity raffle!
That is like saying the suspects in a murder investigation shouldn't be investigated because it invades their privacy. That kind of a statement makes it impossible to find out the killer beyond a shadow of a doubt.
Last I checked, your invasion of privacy for being a suspect includes a lot more than the serial # of your phone and cross referencing the originating ip
No, I am not an English major. My posts are subject to typos and incorrect grammar. Do not expect perfection.
That's actually a good point.
The guy goes and decrypts a bunch of info from everyone's phone using a script.
So, he violated everyone else's privacy as well.
Never mind the fact that he took info from a web server and told someone else another user's IP addy to 'track them down'.
Probably violated his own website's privacy statement.
I'll bite.
This is society, albeit an online one. You don't get to violate rules of trust and expect society to ensure your freedom.
Think about it, isn't it a completely stupid idea to think that a family could be sued if a burglar were to hurt himself while inside your house?
No, I am not an English major. My posts are subject to typos and incorrect grammar. Do not expect perfection.
Yea well i've read it a couple times and seen the movie twice, and I still didn't find it funny. Beat that!
Have you metamoderated recently?
The police have extraordinary powers, of necessity - and they have (in theory) extraordinary responsibilities, overseen with extraordinary safeguards. The police can't search people's homes without evidence that indicates they're actually likely the suspect for whom the police are searching. And: this guy's no killer, he's a jerk who stole a phone worth maybe a few hundred dollars. The privacy of several hundred or thousand other people is worth much more than that.
At least that's the system that people expect. This system is just some guy who thinks (possibly justifiably in this case) that they have the right to explore everyone's private info to find the one guy who stole a phone. As I posted, the sleazebag has little expectation of privacy, or fairness of any kind. But the other people who were exposed did not "earn" that invasion.
The kind of logic that says "the person we're catching really deserves to be punished, so we justify destroying the rights of everyone else" is bad enough when practiced by the police. As is increasingly the case. When it's practiced by a private citizen, then society is really breaking down. When people accept it anywhere they find it, it might already be too late.
--
make install -not war
I find it a bit hippocritical that the slashdotters complain when the feds demand IP addresses of posters or file sharers on certain sites (which they get by going through a judge to approve a search warrant)
yet, the same standard for 'bellyaching and moaning' about privacy doesn't apply when it's a techie telling a third party an IP number (who doesn't get a search warrant).
Right now this is just above your post.
How I wish they could stay together forever!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
mod this child down too...;P
I'm serious, what's up with British people and their need to make and have dossiers? :)
I mean look blair did it, the idiot who lost his phone did it...
dossier this dossier that, if you call me names i'm going to make a dossier on you and present it somewhere of little importance
get over it already!
Arash
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
http://www.modaco.com/index.php?act=Reg&CODE=00
"You agree, through your use of this service, that you will not use MoDaCo to post any material which is knowingly false and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy , or otherwise violative of any law. "
I really don't have a problem with the FBI getting a warrant for my ip address. I do have a problem with government passing broad powers under excuses like Terrorism though. But that's completely off topic. And I do have a problem with companies expecting me to pay outrageous prices for goods, and expect my sympathy because people didn't buy it (by using the number of "thefts" as inflation to what they "could" have made despite those people not being able to afford it or already owning a copy etc.) - but that is way off topic.
Yes, this is Vigilante Justice. Yes, I am ok with it. No, I will not be ok with it if the "vigilante" goes beyond his moral bounds.
vigilante n.
1. One who takes or advocates the taking of law enforcement into one's own hands.
An example in this situation would be if he didn't delete the records about the innocent information, assuming he kept them at all (if he scripted it, he could have gone through the entire database and used an if serial# = this, then print timeofaccess and filename). Or if he gave that information out to other 3rd parties who stand to benefit from it in an undeserved manner.
As it stands, the only thing I have any resemblance of an issue with is the fact that he was able to gain access to these records in the first place. But hey - I am for vigilante justice because it has a tendency of getting things done.
And really, this guys punisment was fitting. Social embarassment because he got caught violating societys rules. Far worse things can happen through the legal route. They just asked for the stolen item back.
No, I am not an English major. My posts are subject to typos and incorrect grammar. Do not expect perfection.
Whoops. Missed this in the proofread ... "punisment" should be "punishment"
...
And yes, I completely see your point btw. I guess what I did not make perfectly clear is that I'm not the one bellyaching. At least not about that in particular
No, I am not an English major. My posts are subject to typos and incorrect grammar. Do not expect perfection.
It's not having information, it's doing you harm with the information. The feds knowing the IP of a file sharer isn't a problem for me - so long as they aren't using it to shut down the file sharer or otherwise harass him (to me, shutting down file sharers is "harm").
It should be known that I don't actually believe in law or other such absolutes. However, my philosophy on using morals to guide one's actions is every bit as disputable - mostly in that they are both idealistic and thus flawed. This however is not within the scope of our subject =)
I recognise your point, however I feel that this incident is morally ok and thus support their actions, because the end justifies the means imo.
No, I am not an English major. My posts are subject to typos and incorrect grammar. Do not expect perfection.
I certainly would not expect an unlocking site (something legal, but very disliked by the phone companies) to not keep records, because the phone companies could find some DMCA-like reason to get it from them. A better way to store the backup would be to let the user download it and upload it again for a restore.
However, having known about server logs, etc, I think this is a good thing to have happen. Let some punk kid get really embarrassed, no real harm done. Not like some company files 10,000+ John Doe suits against various IPs for daring to unlock its phones, or something. This will illustrate how there really isn't any privacy on someone else's website. If you want it, get a few anonymizing proxies. Better your illusions shattered than living with a false sense of security.
If this had happened at the US Department of Homeland Security, they would have raised the alert level to Orange and we would be told to be on the lookout for slightly overweight middle-aged men with glasses, wearing dockers, using a cellphone.
Anyone seen using a cellphone in a dark corner or putting a cellphone in an inside pocket (trying to conceal it!) will be immediately taken in for questioning.
Henceforth, all cellphone usage will require a licence at the county courthouse, and people must submit valid reasons for having one, and give their fingerprints and DNA for registration.
"Yer criminals are mostly stupid."
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Isn't there an 'unwritten' rule amongst thieves on cell phones in countries with oligopoly-based cell phone services, saying that stealing cell phones is a big no-no, because they can be tracked? In poorer countries where GSM is not widespread and blacklists are not kept, such crimes are still possible.
-Palal
Really, really, really cool people.
crotchtacular.
They have the phone's IMEI because it's their phone. That's not "personal info." They have IP addresses because it's their server. Unless you fell for those "YOUR COMPUTER IS BROADCASTING YOUR IP ADDRESS!" popup ads, you realize that IP addresses aren't "personal info" either.
Modaco focuses on Smartphone (tm) (Windows Mobile based) whereas HowardForums is smartphone (generic).
Stupid cell runs Windows! Why would anyone want to steal THAT?
If you want real performance, get the "E" class (Mercedes ref.)-- Motorola E680i. It runs Linux and has an sd slot, FM tuner, J2ME apps, etc.
You know what? I find it a bit insulting and shortsighted when people scream "hypocritical" over an entire community over every little thing that one member says. Guess what: individuals within a community are allowed to have different thoughts on topics. You know what? This is just proof that the whole "groupthink" and "slashvertisements" that you AC trolls always complain about do NOT exist (Gross generalization for dramatic irony only.)
Oh, and you should learn the definition of hypocrite as well as you know the spelling before using it. According to Wikipedia, Hypocrisy is the act of pretending to have morals or virtues that one does not truly possess or practise. What you are referring to is a double standard, where rules are different for different groups of people. Double standards are GENERALLY considered a bad thing, except often times there is a different impact between one group doing something versus another group doing the same thing. A government (or rather corporation as this is what slashdotters have a problem with, as that is where all the C&D letters and lawsuits are coming from, not a governmental agency) violating someone's privacy without due process can indeed be very different than an individual doing the same.
Particularly since the reason that Slashdotters fear (or at the very least distrust) governments and large corporations is their power to prevent free speech. Free speech is what many slashdotters value as they believe it is highly important in maintaining an effective representative democracy. A certain expectation of privacy is necessary to maintain free of harassment from stating an opinion, and that is the primary reason that many within the slashdot community are interested in privacy.
Most members of the Slashdot community would have no problem with feds obtaining information AFTER getting a warrant. The problem they have is the current political climate (Referring to the United States, but still applicable elsewhere) is such that feds (or most police for that matter) pretty much don't need to get a warrant, thus erasing the paper trail, the checks and balances and the responsibility and culpability of the investigators when they are gathering information or otherwise performing surveillance. Whether or not this power is being abused is an entirely different matter. The potential for abuse is however, there, and that is why Slashdotters are so against unlimited government power in investigation. And this power seems to be extending to large corporations as well, while individuals seem to have little recourse in finding information about the company and its motives and workings.
I'll never make that mistake again, reading the experts' opinions. - Feynman
Has anyone noticed that the way they caught this person shows that they are collecting PII that their site policy says does not happen??
Getting IMEIs from users that have been told it would NOT be collected. Isn't that bad? Maybe a little worse than a phone missing. I should never use their service - I could be tracked and my info given to the man.
Typical Slashdot hypocrisy.
While the article is interesting, I believe it would be even more interesting to hear how they decrypted the RSA encrypted data. Also, why would RSA be used at all? Is the private key held by the cell phone maker? This would mean the public key must be programmed into the phone, which makes the encryption a pointless effort since it's easily decrypted using the available key, hence the crypto serves no purpose?
I am sure the explanation of the RSA decryption would be an interesting story by itself.
>This block contains 64kB of RSA-encrypted data such
>as the phone's SIMLock state, Carrier ID, and other
>concealed information - it seemed likely the IMEI
>would be buried within it. Shortly my suspicion was
>confirmed - after decrypting the block,
The thief in this instance sent all his information to a third party. If that third party has no privacy policy (and I assume the site in this story does not) then he has no expectation that any of the information he sent be kept confidential. His IP, of course, is definitely not private.
So, the lesson to be learned is to not send anything to a third party that you want kept private. At least, not unless that third party is bound by law or policy to keep your information private.
If the investigators in this story had hacked into the guy's computer, or even used some feature of the stolen phone to track him down, then I might buy your argument. But at no point did they require any information that was not recorded in their own records. The encrypted information they cracked did not contain any personal information. All it did was tell them the time at which the user accessed their website. They then went through their standard logs, found a record that matched the time, and discovered his IP address. Which they used to track him down by comparing it to the list of users that visited their forums.
The only possibly dubious action here is the decrypting of the data that contained the phone's ID number. But if you or I were to use that site, knowing our phone's ID number means nothing. They could find your IP just as easily by browsing through their logs. The encrypted ID number is only useful in tracking someone down through this system if you *already know it*. So if the operators of this site know your phone's ID number, yes, they could track you down if you use their site. But they're not going to know it, are they? Unless, that is, it's really their phone you're using, in which case they know it damn well.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
I'll bite this troll.
We have repeatedly stated that we keep a TEMPORARY backup of the flash block we change - generally as a precaution in case we screw something up and need to restore the phone.
And, per the Data Protection Act (unless you can justify that the backup block you store cannot be used to identify a living human, which you have just counterexampled), does your site make it clear that you may also use the temporary copy of the flash block to track down living humans for vigilante purposes?
Doesn't matter how obvious it is to you or any other civilian that someone has broken the law, without the intervention of the Police, the DPA says you simply can't implement new convenient uses for personal data unless your users accepted it when they supplied it.
If you are under EU jurisdiction, you broke the law, sorry. Whether any affected party cares or not will determine whether action is taken against you (ie almost certainly none).
"He's making a list, ..."
Checking it twice
Seriously. You've just learnt a useful new word today. It means something like an array, or maybe a .conf or .ini file, except in the real world. Use it. If nothing else, it's much more succinct than the usual "a list of names and stuff and other shit".
What part of "a well regulated militia" do you not understand?
Being in the UK, the site would have to abide by the Data Protection Act 1998, which basically specifies what a company can and can't do with personal information.
Notably, the DPA applies only to personally identifiable information - given that it's not possible to identify someone from an I.P. number alone, nor an IMEI number, no laws were broken and what these guys did was perfectly legal.
That said, I can't find a notice on their site regarding the DPA, the data they collect, and what it's used for, so MaDoCo may be in breach of the DPA. That said, even big commercial sites like Amazon fail to include the required notices, so they're unlikely to suffer action over it.
After you've tried your philosophy out for a while, you'll find that the end includes the means: experience is cumulative. So now we've got both a thief worth a few hundred dollars, and exposed privacy worth at least hundreds of times that. The "law" that's indisputable is phenomenology, until you somehow actually succeed in transcending phenomena. And everyone who has, who's willing to talk about it, says the end doesn't justify the means.
--
make install -not war
It's the association between the two units of info, available only in the encrypted, backed up blocks from the phones, that is private. It's the key to their identities when they believe they're posting anonymously. It's encrypted, too - it's not expected to be read, certainly not by the unlocker. It's probably not even expected to be copied by the unlocker, though the encryption would, if the user were even sophisticated enough to be aware of it, also create the expectation of privacy.
Unless you don't understand what's actually necessary to identify someone on the Internet, relational joins, you're not qualified to deny that the unlocker service has violated their customers' privacy.
--
make install -not war
You're not paying attention. Not only did I say that the breach that matters here is that of all the other customers, but I even said that I often favor beating a thief until the cops come, when bystanders catch (the right guy) in the flesh after, say, a mugging.
Again: the unacceptable breach of privacy in this case is that of everyone else whose personal info was first cracked, then searched, while looking for the thief. There's a reason police need warrants issued by a judge on real evidence before they can search people. And there's an even better reason that private individuals, at least in a land ruled by justice, don't get to search each other. Pay attention before you criticize a statement that exists only in your imagination.
--
make install -not war
I get a Slashstalker flaming me across threads, and I flame them back. That doesn't make me "Flamebait". It makes their post "Offtopic". TrollMods get a clue to what these mods actually mean before using them. Though I suspect that the TrollMod in this case is actually the AC who flamed me, abusing the Slashdot system as much as possible.
--
make install -not war
Moderation -2
50% Troll
30% Overrated
20% Insightful
The TrollMods who blasted this post are not only Anonymous Cowards, but they're also Ignorant Masochists. Because despite the bleating complaints about my revealing the unlocker's privacy breach of their customers, not a single complainer has made any sense in their responses.
The unlocker revealed not only the identity of the thief, but also the phone#/IP# identity of all their customers who posted to their forum. Customers who had an expectation of privacy, through anonymous posting and encrypted personal info block. If they even knew the block was being stored on the unlocker's server. These TrollMods refuse to see just how insecure their casual activities can make them when they trust the wrong people. So instead of accepting that their own behavior is risky, they attack my post, which makes that fact clear. Typical denial monkeys, who try to suppress the facts rather than face the truth.
--
make install -not war
Just to clarify : The encrypted data that was searched wasn't personal data, nor was it personally identifiable data. Essentially, it was a block list of version numbers and network keys, which are next to useless.
As my own reply to the GP states, the relevant legislation here in the UK is the DPA 1998, and the actions taken by MCD and their partner did not violate that legislation - hence, both legally and morally, there was no breach of privacy.
You say that, yet the data they cracked and searched was what was required to lookup the person's phone# against their posting IP#. That made anonymous posts identifiable. That's a privacy breach. I don't know whether the UK law covers that, and I'm not going to engage in "moral" judgements. The fact is that the other unlocker customers expected that they'd post anonymously, and now are not anonymous. It's not that complicated.
--
make install -not war
Oh, and I'm the fourth here that's read it :D
My UID is prime... is yours?
Not quite: The IP number and the Phone number were already related through the user's forum account - you cannot invade someone's privacy when they've already given you that information. You're right in that it's not that complicated; but it seems that you've still managed to misunderstand what actually happened.
You're right - looking at their logs, they can ID anonymous posts from an IP# against member logins from the same IP# with fair reliability. So the cracked phone info doesn't enter into it, except to trace the phone IMEI -> IP# -> login -> user. There is no real anonymity in their forum, as they keep the logs of IP#s of "anonymous" posts. Which is still a security breach, but so entirely common that I'm not going to make an issue of it in this thread.
Thanks for patiently maintaining your position, helping me finally understand the actual security status (none) of this situation. I wish the others posting to argue with me had managed to be so helpful - none of us would have wasted as much time.
--
make install -not war
Hypocrisy is what I call it. If the govt had done this and not you, your knickers would be ALL in a twist over this. There would be protests outside 10 Downing St., fat middle-aged bearded men would chain themselves together outside of police stations. It would be CHAOS! BUT! If some admin out there wants to violate everyone's privacy and break the DPA...then..well THAT'S OK because we allll know a crime was being committed. And the ends justify the means! I call BS. You report a crime to the police and they handle it. YOU ARE NOT ABOVE THE LAW!
I've carefully considered the usage of the word "cunt" as an insult, along with the other insult "pussy." Both have negative connotations for something that should not have them. There is no good reason why the word "cunt" should be an insult.
Therefore, I've concluded that we should start from scratch with a new word for female genitalia that has not been spoilt. Furthermore, in order to prevent this word being appropriated, I believe it should be something that could not be used as an insult.
I have settled on the word WOOHA! This to me, conveys a sense of fun and is equally nothing that could be yelled in anger (try it - you see?). However, it works in a flirtatious-dirty talk-sexy way.
E.g.: "I touched her woo-ha," "I want to [adjective][verb] your wooha," "Ooh, yes - kiss my woo-ha!" Etc.
I call on
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
That's a daft idea - you silly wooha.
The data block that was shared was not in itself personally ident information - that information was already held by the forum. The datablock itself was used to I.D. a particular phone, and according to the DPA's interpretive provisions, that information is not classified as personally identifiable. It would have become so had the forum's administrator passed that information on to the Grandparent, but the flow of information went the other way (i.e., npi was given to someone who already possessed the pi), and was therefore not illegal.
This is, incidentally, the same workaround that allows someone to trace an I.P. address and report the owner of said I.P. address to their ISP - the I.P. address and access log timestamp on their own are not personally identifiable, and only become so when given to the ISP - who already has that information anyway.
... in Europe. Here you can remove the card. But you can't put in a card from another company. But wait: when you can't remove the card then it should be no problem to track the phone down because the fixed id (that is used to show the phone company who gets billed) can't be removed, right?
Any sufficiently advanced intelligence is indistinguishable from stupidity.
That's a daft idea - you silly wooha.
Point proved! I am amused not offended! Henceforth, let us all use wooha (um, as in use the word, though use otherwise is fine too.)
It's fun redesigning the English language.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
It's fun redesigning the English language.
Well, the folks on Slashdot have certainly been trying that for years.
It's a funny thing in the English language that most expletives are based on sex, excrement or religion.
(I believe) that in Maori and other Polynesian cultures there aren't really any swear words, and the biggest insults are along the lines of eating your enemies. (i.e. you would tell someone to "go boil their head" and/or "prepare yourself for me to eat you")
So when does the thief get tarred and feathered? No? Ok, get him fired from his current job or at least arrested.
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
I realize nobody's likely to read this (heck this story's *days* old - the world moves on) but I have an inverse question - why on earth aren't you checking the stolen 'phones list?
I certainly agree that once I've bought a 'phone it's mine to do what I want, but for at least one user of this service there's a good chance the 'phone's not theirs - It's bloody mine!