Slashdot Mirror
Leave Your Cellphone At Home, Says Jacob Appelbaum
An anonymous reader writes "N+1 has an interview with Jacob Appelbaum (who is part of the Tor project) titled 'Leave Your Cellphone at Home.'" Jacob has a lot to say about privacy, data security, and surveillance. He ought to know. Among other things, he's had his email seized, been relieved of his phone, been the subject of a National Security Letter (video) and generally had his travel disrupted.
There, fixed that for ya. Amazing how they managed to get darned near 100% of the population to agree to carry around a tracking device with nary a peep. All it took was to be very careful to NOT talk about the tracking ability, keep news accounts of the police using the cell data off the front page and make the tracker shiny and useful enough. Do those things and not only will everyone carry one they will pay an average of $50/mo for the privledge. Land of the Free indeed.
Won't be long now before they decide they have the hook set deep enough they can start making more overt use of the location/activity data without many people ditching their tracker.
The carriers WILL start renting out access to track data for advertising purposes. They know where and when you are. They will be able to link that beyond your phone. Won't take much computation to get that localized enough to have a good idea which PC you use and then tie it to doubleclick and google's cookies. Then they know EVERYTHING. Combine a tracking cookie to hard billing quality identification data and the possibilities are truly limitless. Sure they COULD do that with Amazon but there is too great a chance of a user revolt. But people won't/can't give up their iShiny.
What law enforcement will do with the data is so obvious and so dark there isn't much point in hammering it again really. Especially combined with security cameras everywhere. Who cares if the image quality isn't good enough for a positive id or you were wearing a hoodie. It gives a time/location and the tracker gives them who was at that spot in spacetime.
Bust a drug dealer and you have probable cause to grab a trace on everyone who came in contact with that person for the last month. Crunch the numbers enough and lots of patterns emerge. Not quite precrime but close enough. You show up as having been in the room with a number of dealers and that will be your ass. Or be around a few people who later get busted for burgulary and how soon until that is cause for a search warrant on your place? Being able to effortlessly work backwards from a bust and turn up clues like that will change the law enforcement game entirely.
And now you see why AT&T yanked all their payphones and for some reason simply refuses to compete in the landline business, even with billions and billions in sunk costs for all that wire going everywhere. Eliminate hardlines and everyone MUST buy a cell. It is already sorta odd to encounter someone who doesn't carry one, eventually it will be reasonable suspicion of criminal activity. Wouldn't suprise me if they become the preferred physical identifier, i.e. 'your papers.'
Democrat delenda est
If todays phones are nothing more than tracking devices for the government and anybody with the right tools to know where we are at all times, then why are we paying for this?
I mean facebook is free and collects tons of information, yet we pay to use our phones and it collects our information the same way...
This isn't just with phones. Did you know that law enforcement agencies can see what you're doing when you're on the internet?? You should stop using the internet. But it's probably too late, anyway, because they've probably infected your computer with a program that monitors your every keystroke!
And that's not all! Did you know there're identifying numbers on your car, too? Law enforcement can track you and indict you simply because of a number on the backside of your car! You should probably just leave your car at home.
And don't even get me started about how unsecure your fingertips are.
Everything is better with chainsaws.
We're all threats to someone.
You could just leave the SIM card at home and take the phone with you. The wi-fi capability is all you need to maintain communications with the outside world in most urban environments, and doing encrypted, TORed VOIP over a wifi connection shouldn't identify you like the SIM would.
Problem
"And don't even get me started about how unsecure your fingertips are."
Solution:
Hot irons
Bye!
I use CDMA you insensitive clod!!!
Why does that matter?
Do you think they are monitoring the access point?
MAC addresses don't get sent beyond the broadcast domain.
Keep your phone on you, powered down. Or powered up in airplane mode (cell, gps, wifi turned off) if the phone has it. (Advantage is that "airplane mode" is usually instant on.)
This is assuming that you're carrying a phone that can be powered down. If not, I agree; leave it at home. Or get a different phone.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Try Readability:
http://readability.com/
Also available as a browser plug-in.
Koans and fables for the software engineer
And please let us not forget one of the overriding stories against free speech and transparency:
http://www.nnn.se/nordic/assange/suspicious.pdf
http://www.whale.to/b/gelbspan_b.html
And blessings on Jacob for everything he's done and is still doing.
Put your device into wifi mode, only use open access points and communicate over tor?
More people should leave their access points open for the greater good. Or have one open and one closed for their personal use.
Too bad that's not the case =p
Anyone who thinks leaving a cell phone at home, powered off, or in airplane mode is an option obviously doesn't have a wife.
Not unless someone is doing something they shouldn't. Each device is assigned a unique 48bit MAC address at time of manufacture. Each one.
You buy a 24 bit prefix from IEEE (I think) and are then supposed to do your own accounting on the lower 24 bits to be sure you don't duplicate one. If you have ever looked up a MAC to see who made the device, that is how it works. The owner of the prefix is a published record.
Democrat delenda est
Comment removed based on user account deletion
How should one never attract the interest of law enforcement while, for example, law enforcement officers continue to practice unofficial racial profiling?
No, no, see, it transmits your GPS coordinates to a monitoring station while "off" all the time and magically does this without draining any battery power or emitting detectable RF.
...would only be possible if you were a hermit, living in the basement, and having no contact with society.
All the time we get "Why the hell is this posted on slashdot?" Here, it seems, is an article aimed directly at the core demographic.
Is it just my observation, or are there way too many stupid people in the world?
He's right, you can get one here. Of course I've probably placed myself on some government agency watch list by posting this.
I can only imagine it's referring to throughput, rather than storage, i.e. the data comes in, gets analysed and is then discarded. Even so, that would require units of time in there, like yottabytes per second or something. I don't know... any excuse to talk in terms of yottas and sound impressive I suppose.
> You sure?
Don't know about the guy you were replying to but of course I'm sure. And if you knew anything about how this tech you depend upon daily actually worked you would be sure as well. There isn't a spot in an IP frame for the MAC, only in the lower level ethernet frames. If you aren't on the same subnet you don't see the mac address. If a wireless access point has node isolation turned on the different clients attached don't even see them. Of course DHCP servers do log them so if the access point isn't purely a consumer device that forgets that sort of thing as fast as the lease expires there is some trackability. If 'they' want to really go digging for it.
Democrat delenda est
Why does that matter?
Do you think they are monitoring the access point?
MAC addresses don't get sent beyond the broadcast domain.
Why wouldn't they?
I doubt that open access points at random residences are being monitored but I'd bet every Starbucks, McDonalds, and airport that offers free wifi are being monitored and MAC addresses being stored. Most of these are run by monolithic organizations, one of the largest being one that allowed three letter government agencies to snoop on their customers.
Firewall logs typically show DHCP negotiation along with requesting MAC addresses.
'cause he is apparently well-off enough to be able to afford a lawyer.
It's not so much 'DWB' (although that's part of it) a lot more of it is 'DWP' - Driving while [obviously] poor.
AC
Yes, but in this case, "enough devices" is something like 281,474,980,000,000 network interfaces, unless my math is off. That's something like 46,000 network interfaces for every man, woman and child on the planet.
Even counting every network interface in every cellphone, laptop, desktop, server, router and switch that I have ever owned, administrated or even *touched*, I don't think I'm anywhere near my share of network interfaces. While I have no doubt whatsoever that there are people whose network interface count is higher than mine, I still suspect it's safe to say that if I'm not anywhere near that count (as a network admin), then there's no way the average number of network devices in use is anywhere even remotely near that number.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
While removing the SIM gets rid of the IMEI it certainly doesn't make it so that your phone is unable to connect to a cell network. 911 calls continue to work, even if your phone has no SIM. There are several other identifiers in a cell phone that the network can use for routing and tracking purposes, if they want to.
1. AT&T ditched their pay phones because they didn't make any money.
2 . hardlines - they WANT you to keep them! Really! Case in point: when I called to drop my hardline ATT immediately, without asking, cut roughly 40% off of my bill to keep me on ($95 [with internet] down to $60). Reason given by customer retention person - "We DON'T want you to give up your landline!".
Sunk costs indeed.
After hearing that they could have reduced my bill at anytime, I told them that I was not interested. Cancel immediately. Thank you.
Firm and cold stops all salespeople in their tracks - no emotion is the key.
Well no company that relies more or less entirely on subscription fees will never want you to cancel one of their subscriptions. Doesn't mean they wont stop marketing them as heavily though-
Admit nothing. Deny Everything. Make Counter-accusations.
Gosh, I thought most people understood this by now. Phones in the OFF state still 'wake up' every now and then and phone home to the cell towers. Which allows your movements to be tracked. 'Off' is NOT really OFF. The only way to make a phone truly OFF is to pull out the battery.
And border patrol agents are actually looking out for him? Not denying it, but it's pretty disturbing if they have apparatus in place to grab people like this at the border (i.e., non-fugitives) and then have lowly peons harass them just because some politicians don't like them.
That's too extreme. Just leave all your microwave-transmitting information devices inside the microwave oven, which wil probably be the "deadest" spot inside your house. If your microwave is safe enough to bake a potato, it won't leak enough microwaves for you or the FBI to use YOUR cellphone.
Incidentally, texting or calling a cellphone placed inside a hopefully inactive microwave oven is a crude way to test for possible leaks in the oven's protective coating.
You're assuming perfect distribution of MAC-48 AKA EUI-48 addresses among manufacturers and their products, which is far away from true. 1/2 of the 48 bits here are assigned to a manufacturer. 24 bits there make about 16M unique addresses available to each manufactured device. The flip side to that is that every manufactured device gobbles up 16M addresses, whether they use them all or not. Every time someone releases a new device assigned its own NIC address, another 16M addresses die, even if they only sell 1 of them.
That means the important part then is that there are only ~16M Organizationally Unique Identifier (OUI) blocks, the other 24 bits here. Those are getting consumed at some rate, bigger manufacturers will need more than one of them, and therefore want to ask for a larger block of them. The IEEE is already aiming to reclaim them after 100 years and otherwise tightening standards for keeping companies from getting more OUI "space" than they need. As they state there, "The total number of EUI-48 identifiers available, while large, is NOT inexhaustible.". It's similar to the situation with IPv4 addresses, where the capacity looked practically infinite at first, but waste forced the size of the average block allocations down hard over time to keep from running out. Now you have to use 95% of the addresses you've already got before you can get more OUIs.
MAC addresses have started to move from 48 bits to 64 in order to make this problem go away, because then you're at a "atoms in the universe" scale. I believe that's going about as well as the IPv6 migration. We're a long time from the 48 bits running out, but it's not as impossible as you might think just from computing against 2^48.