Slashdot Mirror


EFF Offers an Introduction To Traitorware

theodp writes "The EFF's Eva Galperin offers a brief primer on Traitorware, devices that act behind your back to betray your privacy. 'Your digital camera may embed metadata into photographs with the camera's serial number or your location,' writes Galperin. 'Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it. If Apple puts a particularly creepy patent it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership.' She concludes: 'EFF will be there to fight it [Traitorware]. We believe that your software and devices should not be a tool for gathering your personal data without your explicit consent.'"


  1. Re:Who really cares, though? by ZDRuX · · Score: 4, Interesting

    What happens when the government starts analyzing these signs to determine you might be up to no good? Regardless if a crime has taken place or not? If your heart rate is elevated or your palms are sweating, and you're close to an airport/school/gov office building/whatever, you might be planning an attack, why not just be on the safe side and have you come down with the nice men in black down to the local station for questioning?

    --
    The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  2. Re:Who rules America? by ZDRuX · · Score: 4, Funny

    You speak like a conspiracy theorist, therefore you must be a terrorist! The news said so!

    (p.s.: I'm being sarcastic, and totally agree with your post.)

    --
    The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  3. Open Office Gave Up "Anonymous" Alex Tapanaris by theodp · · Score: 4, Informative
    1. Re:Open Office Gave Up "Anonymous" Alex Tapanaris by Omnifarious · · Score: 4, Insightful

      I didn't know that Open Office did this. It's not common knowledge.

  4. Xerox et al. by Anonymous Coward · · Score: 3, Informative

    Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it

    This is typically done by commercial colour laser printers, such as those made by Xerox, Konica Minolta, Ricoh, and so on. The code's printed in yellow toner - which isn't normally noticeable but becomes infuriatingly visible if you use these machines to print light coloured backgrounds - for example, a business card with a silver/light grey background tone. I don't know about Konica and Ricoh, but with the Xerox machines the code can lead right back to you pretty easily.

    That said, the Xerox machines do some other interesting things as well - for example, they'll refuse to copy UK banknotes from the glass (presumably they identify the UV markers in the notes? amongst others. I assume this is either to reduce their liability if their machines were used that way, or due to a legal statute in one of their markets? Either way, interesting behaviour.

    1. Re:Xerox et al. by arth1 · · Score: 4, Informative

      That said, the Xerox machines do some other interesting things as well - for example, they'll refuse to copy UK banknotes from the glass (presumably they identify the UV markers in the notes?

      More likely, they look for EURion constellations.

    2. Re:Xerox et al. by GrBear · · Score: 3, Informative

      That said, the Xerox machines do some other interesting things as well - for example, they'll refuse to copy UK banknotes from the glass

      Just a step up from that, Konica-Minolta copiers will sense if you try to scan, copy or print a banknote. When it detects this, it will put the copier into a service lockdown that only a Konica-Minolta tech can unlock. The displayed error code will rat you out, AND the tech is legally obligated to inform law enforcement of the infraction.

      That and yes, it definitely marks each page with a serial number linking it back to the copier.

      Both were related to me by a Minolta tech.

  5. There's yer problem: by DWMorse · · Score: 4, Insightful

    without your explicit consent

    Yup, there's the real issue. They can bury a one-sentence fragment within 52 pages of EULA that gives them "explicit consent." Someone will notice, it'll get a story posted on Slashdot, but still, only maybe one or two out of every several thousand will resist purchasing the next iPhone 5GSXT Pro-Air.

    The root of the issue is the backtalk and walls of text used to placate users into 'agreeing' without understanding what rights they're sundering.

    --
    There's a spot in User Info for World of Warcraft account names? Really?
  6. Oooooh by AliasMarlowe · · Score: 3, Insightful

    If your heart rate is elevated or your palms are sweating, and you're close to an airport/school/gov office building/whatever, you might be planning an attack, why not just be on the safe side and have you come down with the nice men in black down to the local station for questioning?

    Turn yourself in, before your own personal (not private) polygraph does!

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  7. Re:Who really cares, though? by Frosty Piss · · Score: 3, Insightful

    If your heart rate is elevated or your palms are sweating, and you're close to an airport/school/gov office building/whatever...

    Good grief! Maybe I'm just in the back of my window-less Econoline rubbing off a quick one! What's the problem?

    --
    If you want news from today, you have to come back tomorrow.
  8. The real issue is by Registered Coward v2 · · Score: 4, Insightful

    not that our devices embed information; but how that information is used. For example, having a geo location and serial number on every picture can aid in searching for images as well as automating workflow (based on specific sensor characteristics). For me, that is good. Sending that info to the "mothership" (sic), without my knowledge or permission, is bad because they have no reason to need that data; other than to sell it or use it for marketing.

    I'd like to see companies that collect data require a more informed consent than burying it in a 50 page TOS agreement; and perhaps notification the first time the data is sent.

    --
    I'm a consultant - I convert gibberish into cash-flow.
    1. Re:The real issue is by Spatial · · Score: 4, Insightful

      That would be true in an idealised fantasy world where everyone had infinite time, were lawyers, and were aware of the potential problems with EULAs. Back here on Earth...

      EULAs aren't upfront. Nobody reads them and nobody expects them to be read. People couldn't understand them if they tried. They're created with that fact in mind:

      EULAs aren't specific. They are to a lawyer, but for the people reading them the text is incomprehensible obfuscated gibberish. Clearly they don't give a shit about agreement since it's physically impossible for most people to agree:

      Consent requires comprehension. Perhaps you've heard of statutory rape, a law that employs this principle. Contracts are also supposed to require mutual understanding because the entire concept is logically incoherent otherwise.

      But of course that wouldn't be convenient in consumer electronics. So it's ignored, leaving us with a nonsensical system that bears no relevance to reality whatsoever. We pretend to agree and they pretend we agreed. And everyone knows it's bullshit.

      Except for the law of course. "Legally binding" loses meaning as a defence when the law itself loses relevance. A law which completely fails to take into account how society operates is a law that should not exist.

      Therefore, EULAs are hokum, people are dumbasses, companies are shitheads and the law is morally wrong. Merry Christmas!

       

  9. A list of such products by Bromskloss · · Score: 4, Interesting

    Is there a list of this kind of products? When I buy a camera or a printer I'd like to know which ones hide serial numbers or the like in the images they produce. EFF should maintain such a list, I think.

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
    1. Re:A list of such products by ColdWetDog · · Score: 4, Insightful

      For cameras, it's virtually every single modern one that supports EXIF. Printers, I don't know much about. I imagine that Google does, however.

      I like the fact that the EXIF data has the camera serial number. Over the years, I've used a number of different cameras. Even multiple versions of the same model. It's nice to have that information in the database. Giving it to anyone else is another issue entirely. But here again, the onus is on the individual to know how to deal with one's complex modern objects. For EXIF data, it's easy to strip entirely or individually.

      What EFF needs to do is to bring this issue up to a level where 'normal' people at least understand the problems. It would be nice if manufacturers would give us the tools to control the flow of data better, but until the drum starts to beat louder, they have little incentive to do so.

      --
      Faster! Faster! Faster would be better!
    2. Re:A list of such products by RotateLeftByte · · Score: 4, Insightful

      Digital Cameras put this stuff in the exif data structures.

      Add a GPS device to your DSLR and it goes in too.

      Many Serious (both Pro & Amateur) Snappers find this information really useful. Match the GPS up with Google Maps and locating where you took a particular shot is simple.
      You can easily get rid of the data in the images you publish.
      In fact this is useful to help you prove your copyright of the image.

      So not all 'Traitorware' is bad to all people. There is a thriving market for GPS 'Addons' to high end DSLRs.

      Things like the Laser Printer data is IMHO worse than useless. Just buy yourself a $50 inkjet, print the offending pages and junk it. After all, the replacement inks will often cost more than a new printer....

      --
      I'd rather be riding my '63 Triumph T120.
  10. Et Tu, GPS? by theodp · · Score: 3, Interesting

    How Much Information Does Your GPS Store About Where You Have Been? So, is Max Speed on your GPS a bug or a feature?

  11. but with ATT low download cap will apple force tha by Joe The Dragon · · Score: 3, Insightful

    But with ATT low download cap / high data costs $10 a GIG will Apple force that?

    What about overseas, up to $100 or more in data fees per location?

  12. Hanlon's by gmuslera · · Score: 4, Insightful

    Don't attribute to malice what can be adequately explained by stupidity. Sometimes software can be well intentioned, see a place where a lot of maybe useful information could be placed and not look further into that, putting that in. Sometimes in some context that added information could be useful and intended, sometimes not, and you do not have enough flexibility to decide by yourself when to enable or disable that action.

    Could the SMTP protocol (and so every software that implements it) be considered traitorware? If you want to send an anonymous message it adds from which IP it was sent, how different would that be from cameras that automatically add GPS coordinates in photos?

    In the last term, a line between malice in this and what is not should be drawn, and will be very broad with a lot of things in the gray area, but would be good to have a list of what clearly is in the wrong side of it. And if well couldn't call traitorware all that is in the field of what sends somehow away information that could hurt your privacy, awareness of what they send and what exactly implies in that topic to use them, sometimes even in the manuals they warn which private information could be disclosed, well, that it be even the ones that don't disclose that.

    1. Re:Hanlon's by causality · · Score: 3, Insightful

      Don't attribute to malice what can be adequately explained by stupidity.

      We put up with far too much of both. I see no reason not to treat both as malice.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  13. Digital Photocopiers Loaded With Secrets by Anonymous Coward · · Score: 3, Informative
  14. I'm just waiting for the day of convergence... by mlts · · Score: 5, Interesting

    Bad thing #1: Locking down devices. Right now, people like the Dev Team jailbreak stuff within a month or two of release. However, eventually hardware chips will get added that are as hard if not harder than baseband modules to crack. Perhaps chips that "supervise" the OS, and if it runs something out of some strict parameters, the device gets shut down until taken to a $AUTHORIZED_STORE and fixed there.

    Neutral thing #2: Phones do a lot. They acquire a lot of knowledge about the carrier.

    Bad thing #3: Info by #2 is sent back home to carriers.

    Bad thing #4: A combined push by LEOs and our *IAAs to find more info about people to start criminal or civil proceedings with ease. Remember, it wasn't that long ago that suing users in the thousands for having a song available, or snarfing a video clip was not thought of.

    Bad thing #5: Ad providers being such a strong force. They don't just show disinterest in stopping malware payloads from being delivered through their networks, they want to add new vectors for infection using Phorm-like injectors. They will happily sell any information they get to all and sundry who have the cash.

    Bad thing #6: The "piracy" bugaboo. This is a major excuse used for device lockdown.

    Bad thing #7: No interest in anti-monopoly regulation.

    Bad thing #8: Blacklists are in common use in the industry. For example, if someone gets banned from one casino in Las Vegas, they get banned from all of them.

    Now, the day of convergence happens. All this stuff winds up merging. Joe User now buys a smartphone after all these converge:

    Day 1: Joe goes out on a date with a co-worker to discuss business. His device notices that it is near other devices, transmits the GPS info to an ad agency. Joe's wife has a search tool that uses info gleaned from ad agencies to monitor where Joe is 24/7 even though his stuff isn't connected. She gives him a tongue lashing when he gets home.

    Day 2: Joe visits a MMA place to see about casual sparring. The phone transmits the location, and insurance companies pick it up. They kick Joe off the health insurance because he is engaging in too risky pursuits.

    Day 3: Joe posts a private rant on his favorite social network of choice about his job from his home computer. The social network has a top notch privacy policy and has no advertisers at all. However, Joe's phone has an app that quietly slurps up his posts, even though they are posted by another device and sends them to an ad agency. His work subscribes to an employee monitoring system which sends relevant posts if they have the company mentioned. His boss gets handed the rant, and Joe gets fired.

    Day 4: Joe decides to go buy a dime bag because he has no job, an estranged wife, and no health insurance. He drives to a part of town that isn't too bad, but where the "upper" level distributors hang out. On the way back, Joe gets pulled over, his car searched and seized, and he ends up in jail. The local PD uses the ad agencies which keep track of all GPS settings of cars in the area, and has pattern matching. Any traffic pattern that is suspect gets an automatic traffic stop and the dog brought out.

    Day 5: Joe's wife decides to file a divorce because she wants to move to someone who is making money. She gets someone to check the phone ad agencies and give her the goods on Joe. She serves him divorce papers via E-mail, and because the ad providers know when someone received the message, the E-mail stands up in court as a proper service, just as a visit from the constable.

    Day 6: Joe is afraid of monitoring, so tries to flash a ROM without the 24/7/365 monitoring. The device auto-bricks, and he has to take it into an authorized store, pay $300 for them to flash a replacement ROM onto it. Essentially do a fancy version of RSD-Lite. Joe then uses a better utility that prevents the phone from bricking. However because it downloads a utility like su or Cydia, the cellular provider notices the communication between

  15. People who respect freedom for its own sake care. by jbn-o · · Score: 5, Insightful

    You have no idea where the collected data goes and what inferences will be made from it. Since corporations don't care about your freedoms of speech, assembly, and other freedoms, there's no good reason to assume that the collected data won't eventually serve malevolent ends. Furthermore, the data is often collected without explicit announcement that it is being collected. The data is often distributed to others without explicitly getting consent on a case-by-case basis so the end user has an opportunity to decide that they trust one party but not another. It's very easy to let those who promote convenience and flashy presentation take away your freedoms; it's hard to regain your freedom after you've lost it. The solution, therefore, is to not lose your freedoms in the first place.

  16. Re:Oh Noes! by zn0k · · Score: 4, Insightful

    The whole point of the EFF is to think about such problems and issues before they become common; hence the 'frontier' in their title. They are trying to alert people to a potential situation so that people can be aware of it and start thinking about the implications, and formulate either consumer strategies or legal frameworks before there is widespread abuse.

    Your point is still valid in that you yourself may not be interested until there has been abuse, but to ask the EFF not to write about it until that point does not make much sense.

  17. Re:Who really cares, though? by causality · · Score: 4, Insightful

    Isn't it inconsistent to deny this freedom to the companies that sell us these devices?

    What about a person's right to not be secretly recorded, logged, tracked and monitored purely for corporate greed?

    I'm pretty sure that AC was just trolling. At least, I'd really like to think so.

    Unfortunately there really are a lot of people who, for some reason, will act against their own self-interests and vehemently defend this kind of intrusive surveillance. I believe the term for them is "useful idiots".

    Throughout history, every time a relatively free nation became a brutal dictatorship, there were such people who welcomed it with open arms at least until it was finally their face smashed by a jackbooted thug. The GP might be one of those.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  18. Re:Who really cares, though? by Opportunist · · Score: 4, Insightful

    So when I sell you a chair I should be allowed to dictate when and how you may sit on it, that you may ONLY use it to sit at a table and ONLY to eat your soup but not your burger? And when I sell you that burger, I should be allowed to dictate that you may ONLY drink MY soda while you eat it (I bet McD would love that!)? Yes, even if you order it to take it with you.

    When I sell you something, I also have to relinquish the right to determine its use and purpose. If you take my chair and use it to juggle, I can't do jack about it. If you want to burn it, I can't say you must not do it because I invested so much work into it, you can't just burn it! I sold it to you. I surrendered every right to it to you.

    Why the fuck should this be different with things like iPods and XBoxes? Because they're sold at a loss because its maker thinks they'll recover the loss with the add on gizmos? Then sell it for a profit! It's not my fault that your business model is flawed!

    Protecting a flawed business model with laws is pretty much what kept communism afloat so long.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  19. Re:Who rules America? by Wyatt Earp · · Score: 3, Funny

    You didn't include the important part of the link. All the stuff about how it's the fault of the Jews.

  20. Worse yet by DCFusor · · Score: 3
    Our fine government has decided that it's OK for them to buy data that it is illegal for them to collect themselves, from people like all the vendors or banking institutions and others you do business with. This will be supported to the hilt by our fine government so they can buy this new data on you too, and then selectively enforce things on anybody they don't like because of what they say about our fine government.

    In the state I live in, for example, oral sex is a felony even between man and wife (old law meant to prosecute gays in parks, but they didn't make the distinction in law), and anyone on the street without $200 CASH (no, your plastic doesn't count) and ID (only certain things count) is at least a misdemeanor. They obviously don't enforce these much, it's a handy catch-all for a cop who is sure there's something wrong and needs to arrest you to find out what else he can get on you. In fact, there is an endless list of such laws.

    Now imagine a government afraid that their country will overthrow them, or merely riot in the streets, as in Greece or France, when the people figure out what a screwing they've gotten, and who wants to remain in power at any cost.

    Bingo -- perfect answer, your device makes you guilty of just about any of these trash laws, on demand, and we simply jail you for that before any demonstration or "movement" can get to critical mass.....

    This will not only be allowed, at some point it will be mandated, watch and see. Lucky, no one really needs these fancy bits of tech, they are just candy for anyone who grew up before anyone had them, and most people using them instead of having a life just look silly to us. So get off my lawn.

    --
    Why guess when you can know? Measure!
  21. Re:I like "traitorware" by sulfur · · Score: 4, Informative

    I *like* cameras that incorporate metadata. This protects me from lawsuits and proves that the picture is mine and can be used however I want and as often as I want.

    Sure, someone who wants to claim ownership of a picture would never be able to insert desired metadata in the file.

    People misuse printers to print out pedophilia ... counterfeiting ... threatening letters ...

    You forgot terrorists. They also use printers.

    Yes, there are legitimate uses for all these traitorware features in software/hardware. The point is that these features should be opt in and disabled by default, so that people who truly want them can enable them.

  22. Your digital camera knows your location? by Frater 219 · · Score: 3, Informative

    Your digital camera may embed metadata into photographs with the camera's serial number or your location.

    Record your location? Sure, if it's a smartphone with GPS. For standalone cameras, GPS is not exactly a common feature. There are about two models of pocket digital camera on the market that have GPS, and not very many SLRs with it either ... go look. Those that have it make no secret of it; it's actually a big marketing point for people who want to record where they've been taking pictures.

    As for smartphone models, I don't know about the Apple or Windows offerings, but Android's camera app exposes it as an option right on the main screen, next to the flash and focus settings ... and I'm pretty sure it defaults to off. People turn this on because they actively want it.

    Rather than scaring people about what their devices might be recording, it would be a lot more useful to tell people how to find out what tags are on their photos. For instance, the Linux command line program "exiftags" will tell you this kind of stuff: (Picked from a random image file I had lying around on my laptop.)

    Camera-Specific Properties:

    Equipment Make: OLYMPUS OPTICAL CO.,LTD
    Camera Model: C2500L
    Camera Software: Adobe Photoshop CS Macintosh
    Maximum Lens Aperture: f/2.6

    Image-Specific Properties:

    Image Orientation: Top, Left-Hand
    Horizontal Resolution: 173 dpi
    Vertical Resolution: 173 dpi
    Image Created: 2004:02:27 18:52:21
    Exposure Time: 1/5 sec
    F-Number: f/6.9
    Exposure Program: Manual
    ISO Speed Rating: 100
    Exposure Bias: 0 EV
    Metering Mode: Center Weighted Average
    Flash: No Flash
    Focal Length: 20.70 mm
    Color Space Information: Uncalibrated
    Image Width: 736
    Image Height: 767
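
Added example (not part of any comment in this thread): a small Python reader that performs the kind of check the exiftags listing in comment 22 shows, reporting the Exif fields that identify a device or place, together with the stripping step that the replies under comment 9 describe as easy. The sample image and its values (ExampleCam, EX-100, SN-0000-TEST) are constructed for the demonstration; only the Exif APP1 segment of a JPEG is handled.

```python
import struct

# Exif/TIFF tags that identify a device, owner or time (IDs from the Exif spec).
SENSITIVE = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
             0x0132: "DateTime", 0x013B: "Artist", 0x927C: "MakerNote",
             0xA430: "CameraOwnerName", 0xA431: "BodySerialNumber",
             0xA435: "LensSerialNumber"}
EXIF_IFD, GPS_IFD = 0x8769, 0x8825  # pointers to the Exif and GPS sub-IFDs

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (size,) = struct.unpack_from(">H", jpeg, pos + 2)
        if size < 2:
            raise ValueError("corrupt segment length")
        yield jpeg[pos + 1], pos, pos + 2 + size
        pos += 2 + size

def is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\0\0"

def read_ifd(tiff, offset, endian):
    """Yield (tag, type, count, value-or-offset, raw bytes) for each IFD entry."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(n):
        tag, typ, count, raw = struct.unpack_from(endian + "HHI4s", tiff, offset + 2 + 12 * i)
        yield tag, typ, count, struct.unpack(endian + "I", raw)[0], raw

def privacy_report(jpeg):
    """Return {field: value} for identifying Exif fields, or {} without Exif."""
    tiff = next((jpeg[s + 10:e] for m, s, e in segments(jpeg) if is_exif(jpeg, m, s)), None)
    if tiff is None:
        return {}
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or struct.unpack_from(endian + "H", tiff, 2)[0] != 42:
        raise ValueError("bad TIFF header")
    found, seen = {}, set()
    pending = [struct.unpack_from(endian + "I", tiff, 4)[0]]  # offset of IFD0
    while pending:
        off = pending.pop()
        if off in seen:  # guard against pointer loops in malformed files
            continue
        seen.add(off)
        for tag, typ, count, val, raw in read_ifd(tiff, off, endian):
            if tag == EXIF_IFD:
                pending.append(val)
            elif tag == GPS_IFD:  # list which GPS tags are present
                found["GPS"] = [t for t, *_ in read_ifd(tiff, val, endian)]
            elif tag in SENSITIVE and typ == 2:  # type 2 = ASCII string
                data = raw[:count] if count <= 4 else tiff[val:val + count]
                found[SENSITIVE[tag]] = data.rstrip(b"\0").decode("ascii", "replace")
            elif tag in SENSITIVE:
                found[SENSITIVE[tag]] = f"<{count} values of type {typ}>"
    return found

def strip_exif(jpeg):
    """Copy the file without its Exif APP1 segment(s). XMP (also APP1) and
    IPTC (APP13) can carry similar fields and are not touched here."""
    out, pos = bytearray(b"\xff\xd8"), 2
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        pos = end
    return bytes(out) + jpeg[pos:]

def sample_jpeg():
    """Constructed input: SOI + one Exif APP1 segment + EOI, no pixel data."""
    make, model, serial = b"ExampleCam\0", b"EX-100\0", b"SN-0000-TEST\0"
    exif, gps, data = 62, 80, 98  # offsets of the sub-IFDs and the string area
    e = lambda tag, typ, count, val: struct.pack("<HHII", tag, typ, count, val)
    tiff = b"II" + struct.pack("<HIH", 42, 8, 4)  # header, then IFD0 with 4 entries
    tiff += e(0x010F, 2, len(make), data) + e(0x0110, 2, len(model), data + len(make))
    tiff += e(EXIF_IFD, 4, 1, exif) + e(GPS_IFD, 4, 1, gps) + b"\0" * 4
    tiff += struct.pack("<H", 1) + e(0xA431, 2, len(serial), data + 18) + b"\0" * 4
    tiff += struct.pack("<H", 1) + struct.pack("<HHI4s", 1, 2, 2, b"N\0") + b"\0" * 4
    body = b"Exif\0\0" + tiff + make + model + serial
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

if __name__ == "__main__":
    print(privacy_report(sample_jpeg()))
    print(privacy_report(strip_exif(sample_jpeg())))
```

To check a real photo, pass the file's bytes to `privacy_report`; a truncated Exif block surfaces as a `struct.error` rather than a partial report.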

  23. Re:Maybe have a max-limit on contracts? by Anonymous Coward · · Score: 3, Insightful

    Flamebait this all you like /.'ers but frankly this is a bullshit, asshat perspective and it pisses me off.

    At what point is it NOT laziness? 20 pages? 40 pages? 10,000 pages? How about 1,000,000+? My privacy should not be subject to whether or not I've taken the seconds/minutes/hours/days/weeks/years necessary to filter through, read and comprehend every line of small print just so I can protect my family from corporate abuse. That's akin to being taken hostage by legal process and absolutely NOT reasonable. Whether or not this is legal practice doesn't make it right and I thank God we have groups like the EFF out there calling this shit out.

    Thought processes like yours sir serve only those who have something to gain from screwing people.

  24. Don't Forget Cars by Nom du Keyboard · · Score: 3, Insightful

    Don't forget the Black Box recording in modern cars that rat you out to police, insurance companies, and the car companies themselves on items that are none of their business such as how fast you drive, and how long before the collision it was that you braked. You certainly didn't knowingly agree to this in buying your last car, yet it's common for your opponents to be able to get this data after an accident, insurance claim, even a vehicle warranty issue. THIS SHOULD NOT BE ALLOWED WITHOUT YOUR EXPLICIT CONSENT.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  25. Re:Who rules America? by bsDaemon · · Score: 3, Informative

    Well, the article is from a 'White Nationalist' (aka Neo-Nazi) magazine, National Vanguard, sponsored by the 'White Nationalist', National Socialist organization National Alliance. Most of the rest of the article after what the AC posted is a little more blatantly obvious as to what their message really is. Just sayin'.

  26. Re:Paranoia by AHuxley · · Score: 3, Informative

    East Germany gave one good example. A sixteen-year-old girl printed protest leaflets in 1968 about the demolition of a church using a toy rail stamp like printer.
    The East German gov flooded the area with agents as the fingerprints were not on file and someone had a printer and was using it.
    Her husband "hung" himself in prison in 1980 ... The toy was also removed from shops.
    http://www.laurahird.com/newreview/stasiland.html
    The paranoia of a gov facing an unknown protester was very real :)
    If you're wondering where the Stasi people ended up, the US did offer a lot of cash for their best and brightest.

    --
    Domestic spying is now "Benign Information Gathering"
  27. Re:Who rules America? by Meski · · Score: 4, Interesting

    He's not a patriot for the same reason he's not a traitor.