Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Activists Who Bring Security To the Oppressed

Posted by samzenpus on from the fighting-the-good-fight dept.

msm1267 writes "Tibetans inside China or in exile, along with Syrians, Iranians and other groups oppressed by autocratic regimes, rely on technology to communicate and organize protests. Yet state-sponsored attackers have infiltrated the devices and platforms used by the oppressed to put their freedom or lives in danger. Groups such as Tibet in Action or Citizen Lab Munk School of Global Affairs have put together resources to help educate and enhance the security of oppressed people."

1 of 33 comments (clear)

  1. Re:The lesson here... by fuzzyfuzzyfungus · · Score: 4, Informative

    All cellphones are vulnerable to being tracked by parties with physical jurisdiction(your telco, for technical and billing reasons, in addition to any sinister motives/data mining/compliance with The Feds, other telcos with towers using sufficiently similar spectrum(unless they are supplying you with service as part of some roaming agreement you'd be less interesting, one presumes; but they could hear you if they wanted to), The Feds(whatever exactly they are doing with those 'Stingrays' that is so impeccably legal that they don't want to talk about it, at all...)), and all, or overwhelmingly close to all, cell modems are little black boxes whose behavior is largely invisible, so they are suspect on that count as well(yes, even on phones with 'Open Source Firmware', this just means that the cell modem is a black box that communicates with the OS in a polite and well-understood manner, generally one amusingly similar to an AT modem on a serial line, albeit with a bunch of command set extensions).

    Smartphones however(and 'featurephones' complex enough to basically be smartphones with shitty 3rd party support) have the disadvantage of running enough fancy software, generally along with an internet connection, that an attacker without physical jurisdiction may well be able to pull off an attack purely in software by planting malware at the OS level. In addition to getting more interesting data than just rough location and calls made/received, this means that Country A can(with minimal risks of repercussions) bug a citizen of Country B.

    That's the reason why smartphones, in particular, along with computers and webmail accounts and other network-vulnerable services, tend to be of concern to Tibet activists and other groups that rely substantially on expat populations for coordination/PR/etc.

    It's no secret that Ma Bell will be happy to tell Uncle Sam all about you if your phone is inside the US; but it is much less likely that either party would cooperate with Chinese authorities who are looking to crack down on Tibetans or Ugurs or whoever it is these days. Software attacks, though, will work just fine.