Smartphone Users Are Paying For Their Own Surveillance

Nicola Hahn writes: While top secret NSA documents continue to trickle into the public sphere, tech industry leaders have endeavored to reassure anxious users by extolling the benefits of strong encryption. Rising demand among users for better privacy protection signifies a growth market for the titans of Silicon Valley -- this results in a tendency to frame the issue of cybersecurity in terms of the latest mobile device. Yet whistleblowers from our intelligence services offer dire warnings that contrast sharply with feel good corporate talking points. Edward Snowden, for example, noted that under mass surveillance we're essentially "tagged animals" who pay for our own tags. There's an argument to be made that the vast majority of network-connected gadgets enable monitoring far more than they protect individual liberty. In some instances, the most secure option is to opt out.

Smartphone Users Are Paying For Their Own Safety

Smartphone Users Are Paying For Their Own Safety

a grain of salt for the fearmongering

[nimbius]

from TFA:

Even if a phone call is encrypted, the very act of making a call provides a wealth of data to spies.

implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.

non-smartphones can be viewed as superior to smartphones as they generate a smaller data footprint. Going a step further, a pager can be viewed as superior to a non-smartphone because communication on the user's end is further constrained, as well as not anchored to a particular phone line.

but that footprint is guaranteed to use public infrastructure that is readily intercepted by a malicious state actor. you no longer have a cryptographic option, or very much insight into what traffic is leaving the phone. A pager routinely hits a cell tower and emits user-identifiable data that will always be relayed through a carrier network that is part of the state apparatus for spycraft. Pagers havent been safe since the DEA realized they could intercept them during drug investigations.

Perhaps, in certain cases, the best solution is to follow the lead of Russian spymasters and simply opt out.

In some cases, yes. Do you absolutely need your cellphone on you at all times? you would be surprised how many events dont require it but its present anyhow; do an audit. For events that do require a cellphone, use your situational awareness to limit its emissions, and ensure the device as well as its traffic is encrypted. Check out Prism Break for more information on how to avoid state sponsored unlawful surveillance.

Re:a grain of salt for the fearmongering

[Obfuscant]

A pager routinely hits a cell tower and emits user-identifiable data that will always be relayed through a carrier network that is part of the state apparatus for spycraft.

Uhhh, no. My pager "hits" nothing. It is a receive-only device. It has nothing to do with cell towers.

The only "spycraft" is that the pager company can record the phone number of the caller. The message itself can be completely meaningless to anyone who intercepts it.

Pagers havent been safe since the DEA realized they could intercept them during drug investigations.

Depends. If the caller is using a burner or a phone unattached to him, then the DEA can intercept all they want. They aren't going to know that "34592" as a message means "the kilo of coke is ready for pickup at the regular location" unless they've extracted that info from one of the two parties involved. In that case, we're already toast.

Re:a grain of salt for the fearmongering

> Uhhh, no. My pager "hits" nothing. It is a receive-only device. It has nothing to do with cell towers.

And where do you think it receives the message from ?. A local cell tower, which now knows where the pager is.

Re:a grain of salt for the fearmongering

Uh... no. These signals are almost always uni-directional (sometimes can be bi-directional) and are usually run by private companies that almost certainly have nothing to do with cell phone towers. POCSAG and Flex are the two main protocols. Look it up.

Re:a grain of salt for the fearmongering

[mrchaotica]

implying you know what a phonecall looks like encrypted.

It looks like a more-or-less isochronous, symmetrical stream of packets that takes a medium amount of bandwidth (less than video, but more than online gaming). If you wanted to make it look less like a phone call you would want to do something like add jitter or latency, or send lots of junk data along with the signal... but those things would either reduce call quality or waste your data allotment.

Re:a grain of salt for the fearmongering

[exomondo]

implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.

Which can all be undermined by malicious or compromised hardware, you need to have open hardware and a way of verifying it.

Re:a grain of salt for the fearmongering

> Uhhh, no. My pager "hits" nothing

if you think electromagnetic radiation based communication signals don't send/rcv (*even* when the net desired flow is one-way) then I've got a great SYN/ACK based waterfall in Arizona to sell you! This isn't AM radio we're talking about - it's 'communication' ; which is different than broadcast.

Re:a grain of salt for the fearmongering

[Obfuscant]

This isn't AM radio we're talking about - it's 'communication' ; which is different than broadcast.

One-way pagers, which in the context of the discussion is what are being referred to, are no different than broadcast. The transmitters do not know where the pager is located because the pager emits nothing more than the miniscule signals leaked from the local oscillator. Those can be picked up no further than a yard, possibly two in the worst case, from the pager. Nobody is tracking the pager user.

And that means that no, it isn't true "communication", because it truly is one-way and there is no ACK to go with your asinine waterfall in Arizona.

Re:a grain of salt for the fearmongering

5% rule
If you inject 5% false positives the other 95% is worth shit.

Using Wireshark someone noticed an Apple Iphone calling mother HQ sending god knows what back.
The solution was to let it - only scramble the outbound packet and give it the right checksum. GIGO.

With constructive email and an automation scripts suggesting a 6 figure income - a very poor housing block got invites to a prestige free lunch and test drive an imported car. Too bad they all were on support payments. How could Google get the leads so wrong! That's because they browsed 'diamond ring' 'luxury 1sr class holiday' and prestige car.

I get regular SMS messages telling me my local congressman is having an illicit drugs party - come alone and get stoned - all skirts welcome.
Reply 'meet me in the park or check drop point' as I don't trust electronics'. Preferably send these messages at a campaign meeting so the sms aligns with the same celltower. 1st impressions matter.

Send the electronic peeping toms on a wild goose chase.

Presently there is no 'Cookie' sabotage that give trackers defective information. There needs to be.

r

Re:a grain of salt for the fearmongering

[gweihir]

There is good research for identifying phone traffic from encrypted data packets. It is rather simple, it seems as you can see typical voice-patterns and what the voice-codecs make of them in the data-rate profile.

Re:a grain of salt for the fearmongering

[gweihir]

No, it does not. First, there is suppression of the noise-floor, i.e. no traffic when you do not speak. And second, there is the voice-codec compressing different speech differently. Apparently, this even leaks some amount of what is being said. A better (future) standard would add cover-traffic, with isochronous data-rates and then that leak gets plugged. You could still identify voice-traffic, as almost no other stream-type is isochronous at this data-rate.

Re:a grain of salt for the fearmongering

Working with early Neo900 brainstorming I had a back and forth with RMS over the pager-phone. If one existed with real OSS and a default to off only booting the GSM for the duration of outgoing calls/sms/data he even said he would consider such a user friendly phone.(subject to a list of qualifications on hardware/software)
The Openmoko/Neo900 hardware devs have a hacker interface port which would support a pager but not sure if anyone is ready to do the dev work for a pager module.

Re:a grain of salt for the fearmongering

This is easy enough. Use a GSM modem, that you only power up when you need to make a GSM call. Otherwise, you use an all-OSS computer. If the intel/amd computers arent OSS enough for RMS, (bios/firmware) then go with one of the many ARM thingies. Most of them will run linux, and certainly have power enough for phone operation.

Re:a grain of salt for the fearmongering

[Phreakiture]

Most pagers operate on a "spray and pray" principle of operation. They blast out a high-powered broadcast signal from numerous towers, and your pager either hears it or it doesn't. Your message will get blasted out from every tower in the network in your coverage area, regardless of where you are, because it doesn't know where you are.

The exception is that some pagers have the ability to send a response. Obviously, you can see where those are when a response is sent.

Re:a grain of salt for the fearmongering

This is so old news. Any mobile phone (smart or not) is tracked, that is how they can route the call to you when someone calls. Everybody know that, and know that if they don't want the authorities to know their whereabouts - don't bring a phone. Not any kind of phone.

And sadly, if you need to keep a secret, don't talk about it on the phone. Do like IS and the mafia, meet in person.

If you want to run a high-tech crime ring, use crypto all the way, and have a system for rotating all the phones so they can't know who has which phone. Also replace phones at random, mailing the old ones to random addresses tying up surveillance.

Re:a grain of salt for the fearmongering

That's the stupidest thing I've heard in a long time. You're stupid enough to be a software developer.

Re:a grain of salt for the fearmongering

[Phreakiture]

This isn't AM radio we're talking about - it's 'communication'

It isn't AM, that's true. It's FSK. Modulation type is not relevant though. What is relevant is that you are sending a broadcast signal from all towers in the paid-for coverage area. I don't see why it is difficult to grok that these devices, which date back to the 80s, which send very small messages, which have an ever-shrinking user base and therefore plenty of spare capacity, couldn't get by with a "dumb" methodology for getting the message out.

Pagers do not check in. They do not ACK. They do not transmit anything, at all, ever (exception for pagers with reply buttons). The pager does not know its location. The network does not know the pager's location.

This non-transmit methodology is also how pagers can run for months on a single AAA battery.

Re:a grain of salt for the fearmongering

[tlhIngan]

Most pagers operate on a "spray and pray" principle of operation. They blast out a high-powered broadcast signal from numerous towers, and your pager either hears it or it doesn't. Your message will get blasted out from every tower in the network in your coverage area, regardless of where you are, because it doesn't know where you are.

The exception is that some pagers have the ability to send a response. Obviously, you can see where those are when a response is sent.

Not only that, but the frequencies used are far lower - I believe between the upper end of the aviation band to the lower end of the 2m ham band. This gives them generally good penetration of the signal and a wide coverage area. Plus the protocol generally re-sends the page several times so the pager will hopefully catch it.

It's what gave pagers the unprecedented coverage and why until recently did cellphones manage to overtake them in coverage (mostly by brute force). No matter where you were, a pager signal could get through versus the old cellphone signals may not.

Incidentally, pager amplifiers are great 2m amplifiers on the ham band - because they're so close it's just a minor retuning effort and you can get 250+W super-cheaply.

Re:a grain of salt for the fearmongering

[Obfuscant]

Not only that, but the frequencies used are far lower - I believe between the upper end of the aviation band to the lower end of the 2m ham band.

The pager I have operates at above 900MHz.

Re:a grain of salt for the fearmongering

[Phreakiture]

I am aware of scanner signals on the 150MHz, 450MHz and 900MHz bands. I don't know how users are distributed across these bands, though.

Re:a grain of salt for the fearmongering

[Phreakiture]

I meant to say pager signals, not scanner signals. It is from being a scanner listener that I'm aware of them.

Never trust anything that can communicate remotely

Your car, your phone, your tablet: all spying on you.

Growth market for the titans of Silicon Valley

The tools are there now to allow engineers to start developing open hardware/software that would allow for true end-to-end security for LTE/GSM communications. The LimeSDR project that is almost fully funded now (23 hrs left), already has demonstrations for LTE and GSM communications and everything down to the schematics and FPGA code are freely available. Maybe the time is here to step up and create our own solutions for better security.

Re:Growth market for the titans of Silicon Valley

[cavreader]

"Maybe the time is here to step up and create our own solutions for better security" There is nothing stopping anyone from doing this right now. There are 3 main areas that will need to be addressed to create better security. The first area would be the hardware This includes the data communication infrastructure and making sure any devices connected to a network can support the new security paradigm. If implementing better security model requires the replacement of routers, firewall appliances, and basically any other piece of connected hardware the cost would be staggering. Software would be the next area and this would be the easiest and relatively cheapest area to implement the new security related changes. And finally the most difficult and most likely impossible area is the users. And by users I would include system administrators, developers, and the general public user base. It is possible now to secure your systems and encrypt your data communications to the point that it would take a substantial effort by the government to access.

Re: Growth market for the titans of Silicon Valley

There is always ubuntu phones that noone uses. Users dont care about security.

i'm also paying for my evidence collection device

[known_coward_69]

like if someone were to hit my car i can snap a location/date tagged photo after the event for evidence so the perp can't lie their way out of it. and my phone keeps a record of where i go, just in case the cops arrest me for something i didn't do like happened to a lot of people back in the good old days

Hypocrisy

Prominently displayed on the page linked last in TFS:

You don't need an ad blocker to view Truthout, because we don't run advertisements. In fact, we refuse all corporate-interest funding. Help Truthout stay independent: Make a donation now!

Ghostery blocks Facial Social Plugins, so you most certainly are being tracked on the site that baldly proclaims that you don't need an ad-blocker to view it. You do if you want any shred of privacy.

JS Blocker also picks up some "dingo.care2.com" trying to load something too. No clue what that is, and they don't need any clue about who I am either.

Re:Hypocrisy

Do you care about yourself so much that you can't care about dingos too?

Re:Hypocrisy

They also have 1x1 beacons.

"Something to hide"

[hackwrench]

I find it absurd how easily people don't realize that if you have a family, you do have "something to hide".

Re:"Something to hide"

W.P.P. Until it matters they are lucky they live in an environment where this isn't blatantly obvious.

Re: "Something to hide"

Lucky for me, I don't have a family, just crippling depression.

Managed Surveillance

yeah. but I can control what goes into the phone. and more importantly, I can control what doesn't. Everything interesting is off grid. they used to follow me in person, they will have to do that again if they are interested in something I don't want them to see. certainly I don't serve it up in the phone for them. life was so much simpler when they were just hacking my land line... hehe

Opting out

[mea_culpa]

the most secure option is to opt out.

I'd think that doing this would put a bigger target on you.

With facial recognition the way that it is now, the data gathered from these sources will carry a little more weight to compensate. Meta data collected from these sources would be analyzed a more thoroughly. Links to other data monitored more closely, bank accounts, utility usage, stores frequented, etc. This is likely already being done automatically.

You are going to be profiled whether you like it or not. We are long passed the time of being able to opt out and live a civilized life.

Really, the battle is long lost folks.

Re:Opting out

[fustakrakich]

Not really lost. We just have to "opt in" the entire ministry. We have cameras too. Let's make good use of the system. Since we can't stop the spying, let's just do what we can to remove the state's advantage.

Re:Opting out

[boristdog]

I believe letting the surveillance folks know where my cellphone is at all time is better for my privacy. It makes them lazy.

Why?

Because when I have it on me most of the time, then I leave it somewhere, that's where they think I am. So I can be anywhere else and no one will suspect.
My cell phone sits quietly at home when I visit my dealer.

Re:Opting out

[cpghost]

I'd think that doing this would put a bigger target on you.

What's so bad about this? I mean, seriously? You'll be drawing a couple of mW and CPU cycles of NSA/GCHQ's computers more than they would have wasted otherwise, and occupied a couple of additional bytes in their storage system. That's all there is to it. No more, no less. As long as your behavior doesn't trigger an alert that forces a human operator to briefly look at your data, no harm has been done. And if a human op has to look, the only harm done is his or her wasted time, time that would be better put to use to investigate real targets instead of false positives. They don't care about your petty life, that's not what their mission is about.

Mass surveillance is widely overrated, IMHO. Even directed surveillance is not as effective as it should have been... so relax. The only ones who should be worried are foreign corporations whose trade secrets are being systematically spied upon, and, of course, governments who have traditionally always been a legitimate target of spying. Regular people aren't interesting enough, even though they would be flattered if it were otherwise.

Re:Opting out

[peawormsworth]

As long as your behavior doesn't trigger an alert that forces a human operator to briefly look at your data, no harm has been done. And if a human op has to look, the only harm done is his or her wasted time, time that would be better put to use to investigate real targets instead of false positives. They don't care about your petty life, that's not what their mission is about.

I don't think you have ever been a system administrator or worked closely with them. It seems to be human nature to pry into the personal aspects of other peoples lives. If you give someone the option and enough time... they will do it. Even when it is outside their job title or even if it could result in their dismissal. If they know they won't get caught they will eventually do it. I seen this in many other people. It's a sickness. A human condition. I seen it in myself and I was disappointed in myself.

If you think that constant monitoring will not be abused, then I doubt you ever had access to that data.

Also, I completely disagree that having a computer monitor you is any different from a human watching you. Anything that monitors your behaviour 24/7 is still infringing on your privacy. And that observation will be looked at by a human if the computer profiles you. So in effect, you are trusting your privacy to an algorithm, which we did not consent to. A computer sees better, listens better, records and remembers better than any human and its reports are trusted 100% by the courts. So it's circumstantial evidence is far more damning than any human.

People that think a camera and microphone in the bedroom (which is where most phones go at night) is acceptable do not think like me and do not value personal one on one intimate and private moments.

Re:Opting out

[cpghost]

Actually, very long-term sysadmin here, responsible for huge number of servers and users. Believe it or not, once you're herding a certain threshold of users/machines, you stop being curious about individuals' behaviors, porn, lives, whatever... it becomes totally irrelevant.

Those guys working at 3/4 letter agencies are in the same position: I'll bet what you want that most of them are bored senseless when they are alerted by the algorithms that they have to look into some real-life data, just to find out that it is in 99.9% a false positive, again! Sure, you'll have some rogue PFY in there too with BOFH phantasies doing his or her thing w.r.t. their near relatives, but hey, that's bound to happen anyway, with or without surveillance agencies. That's NOT the rule, that's the tiny exception.

Personally, I'm not worried at all about that kind of surveillance and their personnel; as I've said, I'm more concerned about keeping THEM and their commercial and criminal counterparts out of networks they persistently try to infiltrate for industrial espionage purposes. THAT's where they are a nuisance, not their amateurish-organized mass-surveillance business that is still in its infancy, despite claims to the contrary.

Yes, I'm strongly pro-privacy, but I'm too long in this area to be easily impressionable: there are simply logistical and physical limits to what such a system of mass surveillance can achieve; limits that can't be overcome, no matter what efforts are being put into it. Some will be worried by this fact, others will be reassured by it, but however we see it, that's life. I'd rather prefer life to be somewhat random, and not totally under control, and I think it will always remain this way, thankfully.

Re:Never trust anything that can communicate remot

Not to mention your refrigerator.

The dangerous KITCHEN!!!!

We pay taxes. duh

[zenlessyank]

Taxes pay for the NSA surveillance company. Hello. McFly.

You are protected by irrelevance.

[Brannon]

No one is snooping on your private life, mostly because your private life is hella boring.

If you don't want to carry a cell phone then don't, but for the love of god please stop pretending that every three letter agency in the world is obsessed with seeing your lame dick picks. They really, really, don't care.

Re:You are protected by irrelevance.

[mrbester]

True, no *one* is snooping, because there's too much data for humans to sift through. However, it isn't true that no *thing* is snooping as something automated is doing that sifting, and only involves a human should some undisclosed trigger occur. I would bet a lot of those are then categorised as false positives by humans reviewing with that being fed back into the system.

In the beginning dick pics would have triggered all the time. Now they are ignored (unless subject or recipient are listed as under age I suppose).

Re:i'm also paying for my evidence collection devi

...and my phone keeps a record of where i go, just in case the cops arrest me for something i didn't do like happened to a lot of people back in the good old days

1) leave my phone at home on the kitchen counter
2) commit some act of larceny
3) ...
4) use my phone's location as an alibi
5) profit

Oh wait, maybe I need to rethink this.

I was ridiculed...

... for making the comment that "smartphone users aren't smart," a few weeks ago. My arguments were the same.

Re:I was ridiculed...

It's the name game, if something is missing you need to put it in the name.

Re:I was ridiculed...

[codeButcher]

Do as the article writer did, and call them "non-smart".

Duh

[110010001000]

The point of a network connected device is to, uh, network. To communicate with other endpoints. There is no security in a network. I don't know why people think networks are supposed to be secure. They aren't. They are supposed to facilitate communication, not hide it.

Re:Duh

They're supposed to facilitate communication between parties agreeing to communicate. That's very different from letting an endless series of uninvolved parties snoop on that communication.

If Bob and Alice want to talk, then Bob and Alice should, but every marketer and intelligence service on the planet doesn't need to be listening in.

Re:Duh

[110010001000]

No, not originally. In fact on the first networks every node "talked" to every other node (broadcast). Networks aren't secure.

Re:Duh

Technical limitations of the earliest forms of the technology are not relevant. What is important is how we want them to work. The vast majority of human beings do not want to live under the Stasi. Thus, it is important to establish and safeguard private communication on the internet.

Re:Duh

[Plus1Entropy]

They are supposed to facilitate communication, not hide it.

The two are not mutually exclusive. You can facilitate communication and hide it, that is the exact purpose of cryptography.

Re:Duh

[exomondo]

They're supposed to facilitate communication between parties agreeing to communicate.

Over a public network using other peoples' equipment, just like landline telephones or chatting in a public space. Sure there are ways to mitigate the other users of the area (or network) from listening like speaking in code (encryption) but you can't just expect to be in a public space, speak loud and clear and then complain that other people shouldn't be listening to you. If you want to communicate over a public network using other peoples' equipment in such a way to prevent others from listening then you need to employ tactics to do it, thankfully we have that and it simply means using encryption or Virtual Private Networks, which we have had for a very very long time.

You can't legislate something like this away, it isn't legal to take somebody elses credit card information and use it to make unauthorized purchases but you don't go out and just shout out your credit card number in public or send it unencrypted over the internet. If you want privacy you have to actively enforce it yourself and as I said there are plenty of means with which to do that and have been for a long time.

Re:Duh

[tlhIngan]

The two are not mutually exclusive. You can facilitate communication and hide it, that is the exact purpose of cryptography.

You can hide the content but not the communication.

Fact is, you communicated with someone. Both endpoints are known, and their approximate locations, too. We also know how long you talked (or remained connected), if your position moved, who called whom, etc.

See, the call has both the data (the content), and the metadata (information about the call). The metadata cannot be encrypted as it's required in the setup and billing of the call, and thus is available.

It's just like using encryption for your internet packets - TCP and IP headers are all in the clear as they cannot be encrypted (they're needed for the public network to be able to send your packet onwards to the destination)

Heck, analyze a bit and you may be able to glean the content just from the way the traffic is flowing - the compression and protocol behaviors often have a unique fingerprint so unless countermeasures are taken it can provide useful information.

Re: Duh

What? No it's not, fuck off.

No network has ever been designed like that, all of them have shared that same basic principle of nodes touching nodes.

Even ARPA, commonly cited as the internets ancestor by retards, is a total 180 from the way the internet works, they share nothing, not even the packet switching is the same.
It only shares one thing, yep you guessed it, those damned social networks chitting and chatting!

Even mesh networking relies on trusting nodes you have no say in, be it physical meshes, or virtual ones like Tor.

Re:i'm also paying for my evidence collection devi

I'm not sure how this justifies the device being exploited for surveillance. May as well buy a cheap camera instead.

The kind of shit that goes on in the smartphone "sphere" makes me dread the day I have to buy one out of necessity.

Re:i'm also paying for my evidence collection devi

Sounds like a good deal. I'm sure your car is getting hit all the time, probably at least as often as you're being surveilled.

Re:Never trust anything that can communicate remot

[mrchaotica]

My car can't spy on me; it was built before digital cell networks existed!

Re:i'm also paying for my evidence collection devi

[jxander]

A very useful tool in a society where you are assumed guilty and must prove your own innocence.

Its not about what I have to to hide TODAY.

[WolfgangVL]

Its about what I may want to keep to myself TOMORROW.

Nobody want your dick-pics....... until they make taking them a felony.... and then when you speak out against XYZ, you can be quietly dealt with, publicly shamed, and discredited.... all within the bounds of the law.

There was a time in my country when the people decided to make booze illegal. Maybe tomorrow some politic will make something *ELSE* I do every day illegal. See where I'm going with this? Nothing good will come of the vast stores of data we keep surrendering in exchange for pretty maps, trendy devices, and free email.

Ditch the smart-phone. Its not your ally. You don't really need it, and its making you less able. Its a crutch. Hell I know a guy who can't even drive home from work without a GPS system. I bet you know somebody like that too.

Buy yourself a dumb prepaid candybar (under your favorite cartoon characters name) if you REALLY feel you must have comms in your pocket, or your employment demands it you can make THEM buy it for you.

Your data has real VALUE. You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow, and maximize yesterdays ripoff today.

ZOMG GOVERNMENT is watching me! = sounds like crazy ravings on purpose.

Re:Its not about what I have to to hide TODAY.

There was a time in my country when the people decided to make booze illegal.

Yes, a time before smartphones.

Maybe tomorrow some politic will make something *ELSE* I do every day illegal.

Maybe they will and if they are going to do it then just like prohibition they won't be reliant on smartphones to do it.

Ditch the smart-phone. Its not your ally. You don't really need it, and its making you less able.

You don't really need matches to make fire either and sure I'm less proficient at rubbing 2 sticks together but that's cool. There's a lot of things you don't need that are convenient and a loud minority telling you how bad they are without actually being able to provide any concrete example of why.

Hell I know a guy who can't even drive home from work without a GPS system.

Thats nothing to do with a smartphone that is just a moron and you are enabling him by making excuses and blaming his smartphone for is blatant stupidity, you are an enabler.

Re:Its not about what I have to to hide TODAY.

What you do or don't do isn't going to matter. If they want to nail your ass to the nearest wall, they're going to invent the means to do it regardless of any precautions you take.

There are really just a few scenarios and only one of them is favorable.
1) The state considers you an enemy (it doesn't really matter why). You have already done something that they nail you for. They got what they wanted.
2) The state considers you an enemy (it doesn't really matter why). You don't do anything that they can nail you for. They wait. Eventually, you screw up and they get you anyway. You can't hold out forever. Period.
3) The state doesn't consider you an enemy (yet?). You do something dumb and that changes. They nail you.
4) The state doesn't consider you an enemy (yet?). You waste lots of time and energy trying to stay "safe" from their intrusions. This annoys them. Go to scenario #2, above.
5) The state doesn't consider you an enemy (yet?). You blend in with everyone else and nobody cares. Including "them". "They" leave you alone.

None of this precludes you from protecting yourself from invasive advertisers, which do not have nearly the same coercive resources as a state actor. Feel free to tell advertisers and other commercial interests to go fuck themselves. But the best defense against a government is to blend in and look like the rest of the flock. It's not that you have nothing to hide. Everybody has something to hide. It's just that you have nothing they want.

Re:Its not about what I have to to hide TODAY.

This is one of the many things that the "nothing to hide" drones fail to realize. Just because the things you're doing are not illegal TODAY, there's no guarantee that they won't be illegal TOMORROW or at some later date.

Sure, people can try to argue dates of statutes and such, but to expect a fair and just trial is more than a little naive.

Re:Never trust anything that can communicate remot

[exomondo]

But if it's registered to you and you drive it on public roads then the opportunities for surveillance and tracking are not that difficult to comprehend. Indeed it happens with a lot of police vehicles, major arterials and certainly on toll roads.

Most secure but least usable

In college we always joked that the most secure computer was the one that was unplugged an locked away. You couldn't do anything with it, but it was the most secure. The phone you never had is the most secure but also the least usable.

The decision we make is the balance of security and usability with the options available. Some options compromise less than others.
We all have differing priorities for the choice we make and the risks we are willing to accept.

Re:i'm also paying for my evidence collection devi

Only evidence that can incriminate you will be of interest. Everything else will be dismissed.

REMOVE BATTERY

Early and often.

Also, use codewords and code-sheets. Change those early and often.

Don"t be a sheep. Be a Lion !

Really ?

Do they have an open source baseband controller ?

I do not think so. That is how they will hose your phone.

Re:i'm also paying for my evidence collection devi

forget it at home often and early.

FALSE, Mr NSA

As soon as you will call them out for their crimes more than once (e.g. the Iraq war scam) - they will come for you and try to exert pressure.

Using their enormous database of ALL EMAILS, ALL SMS, ALL TEXT MESSAGES, they can crack down on you very forcefully.

They now want to have Kompromat Against Everybody.

That's why you and your colleagues should not be aided.

edward-snowden

https://20committee.com/2016/06/11/edward-snowden-is-a-russian-agent/

Well gee

[jarablue]

Kinda like we are all paying for our inevitable incarceration with out taxes huh? I love going to work every day knowing that my taxes are fueling the surveillance efforts that have been ongoing for the past two years. Gotta love FBI/LEO corruption. Wonder what I'll get charged with. Over and out.

Re:Well gee

... the surveillance efforts that have been ongoing for the past two years ...

Ha. Hahahaha. You naive person.

Re:Never trust anything that can communicate remot

[mrchaotica]

Good point. Still, that's not exactly the car's fault in the same way that it is with modern "infotainment"-infected ones (and especially things like Leafs, Teslas, and anything with a Progressive Insurance "snapshot" module plugged into it).

What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras (and to repeal the laws prohibiting its use). You could say we could prohibit the use of the tracking cameras instead, but we all know that wouldn't actually get rid of them.

Re:Never trust anything that can communicate remot

My car can't spy on me; it was built before digital cell networks existed!

https://en.wikipedia.org/wiki/Automatic_number_plate_recognition

Turn the tables

[FrozenGeek]

If you know, or are reasonably certain, that you are being monitored via your smartphone, you have the potential ability to feed those doing the monitoring either misinformation or carefully chosen information. Want to get hammered at the bar? Leave your cellphone at home. Going to Christmas eve Mass? Take your cellphone with you. Want to buy some nice lingerie for your GF? Use your computer (assuming you trust your ISP, the on-line store, your credit card vendor...). Want to make a charitable donation? Use your smartphone. If I know you're listening, I can feed you what I want you to hear. This is not brain science.

Re:Turn the tables

The problem is real signal will be in the misinformation too unless you stop using the phone to do any real communication. At which point what purpose does it serve?

Dr Fun.. from 2006

[cant_get_a_good_nick]

Dr Fun was one of the first webcomics.

He posted this in 2006

Back in year 2000 some people i knew defaced AT&T billboards including tags about the NSA listening. This isn't all that new. Sadly, not a lot of pushback. When was the last time (or more likely, any time) you've talked about a stingray and your phone?

Surveillance can prove your innocence too

[cpghost]

Sure, it's annoying to be tracked by algorithms around the clock via smartphones, but let's see it in a positive, or at least less negative, light for a change. Suppose you have the same name and/or a similar profile as someone who has raised some red flags and who landed on a couple of Governments' black lists. If you are really unlucky, next time you want to board a plane, you'll be in for a nasty surprise at secondary. Even if things get sorted out this time, next time you'll be again in trouble, and again, and again...

Now, suppose you are the privacy-conscious guy, who shies away from smartphones, who doesn't use credit and debit cards any more than absolutely necessary and prefers to pay cash as much as he can, and who in general keeps a low digital footprint. Now you're screwed, because you'll have a whole lot of red flags floating all around you. Not only can't you prove that you were not where your alter ego was, your disappearance from the surface makes you prime suspect and will have you listed on even more lists than ever before. Good luck cleaning your name and reputation after that! Maybe having carried your private portable Orwellian telescreen with you would have spared you all those troubles.

Yes, I know, that's not the world we would like to live in: being forced to accept surveillance as a way to prove one's innocence would have been considered a typical dystopia some 30-40 years ago, but sadly, that's where we're living in right now. We've allowed ourselves to fall into a collective panic, but that's how it is.

Re:Never trust anything that can communicate remot

[RockDoctor]

What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras

That's not physically possible, since the human eye has a limited range of sensitivity and we have long had sensors that overlap that range of sensitivity. Anything that the human eye can read, those sensors can read ; anything image that can be read is an image that can be OCR'd and it's content extracted.

That is why ANPR is a commodity product, and barely regulated.

Re:Never trust anything that can communicate remot

[exomondo]

Still, that's not exactly the car's fault in the same way that it is with modern "infotainment"-infected ones (and especially things like Leafs, Teslas, and anything with a Progressive Insurance "snapshot" module plugged into it).

True, but even if you eliminate that it doesn't really matter whos fault the "spying" is, the end result is that it happens and is becoming more widespread as the cost of surviellance plummets.

What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras (and to repeal the laws prohibiting its use). You could say we could prohibit the use of the tracking cameras instead, but we all know that wouldn't actually get rid of them.

I'm not sure the human eye has a spectrum that we can't visualize with a camera, in fact it's actually the other way around. Like you say, prohibiting the use of cameras is unlikely to make it go away, this is also my argument against going to any effort for legislating for network privacy. Even if they say they aren't going to do it do you really trust them? And even if they are caught and then also by some miracle held to account that still doesn't fix the damage.

Re:Never trust anything that can communicate remot

[mrchaotica]

I'm not sure the human eye has a spectrum that we can't visualize with a camera, in fact it's actually the other way around.

I was thinking more along the lines of a polarized filter or array of CCD-blinding infrared LEDs.

Re:Never trust anything that can communicate remot

[exomondo]

I was thinking more along the lines of a polarized filter

These have been debunked. It kind of worked for very specific angles against certain kinds of older cameras but in pretty much all practical circumstances is not going to work.

or array of CCD-blinding infrared LEDs.

That's easily overcome with an IR filter.

I see where you're going with this but surveillance is only one part of it, even if you can outlaw surveillance cameras you still need to get redlight/speed cameras removed because governments aren't going to allow devices that circumvent existing legal law enforcement mechanisms. While I'm skeptical that you could get traffic monitoring cameras outlawed I'm even more skeptical that you could get all remote law enforcement mechanisms outlawed, I'm certainly all for it but I don't see it happening. Then of course you also don't get the evidence that you have been stopped by police, if your plate is invisible to cameras it's your word against theirs and one of the reasons cameras have been deployed on police cars is to make sure there is evidence of a stop not just for the officer but for the public.