Smartphone Users Are Paying For Their Own Surveillance

Nicola Hahn writes: While top secret NSA documents continue to trickle into the public sphere, tech industry leaders have endeavored to reassure anxious users by extolling the benefits of strong encryption. Rising demand among users for better privacy protection signifies a growth market for the titans of Silicon Valley -- this results in a tendency to frame the issue of cybersecurity in terms of the latest mobile device. Yet whistleblowers from our intelligence services offer dire warnings that contrast sharply with feel good corporate talking points. Edward Snowden, for example, noted that under mass surveillance we're essentially "tagged animals" who pay for our own tags. There's an argument to be made that the vast majority of network-connected gadgets enable monitoring far more than they protect individual liberty. In some instances, the most secure option is to opt out.

a grain of salt for the fearmongering

[nimbius]

from TFA:

Even if a phone call is encrypted, the very act of making a call provides a wealth of data to spies.

implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.

non-smartphones can be viewed as superior to smartphones as they generate a smaller data footprint. Going a step further, a pager can be viewed as superior to a non-smartphone because communication on the user's end is further constrained, as well as not anchored to a particular phone line.

but that footprint is guaranteed to use public infrastructure that is readily intercepted by a malicious state actor. you no longer have a cryptographic option, or very much insight into what traffic is leaving the phone. A pager routinely hits a cell tower and emits user-identifiable data that will always be relayed through a carrier network that is part of the state apparatus for spycraft. Pagers havent been safe since the DEA realized they could intercept them during drug investigations.

Perhaps, in certain cases, the best solution is to follow the lead of Russian spymasters and simply opt out.

In some cases, yes. Do you absolutely need your cellphone on you at all times? you would be surprised how many events dont require it but its present anyhow; do an audit. For events that do require a cellphone, use your situational awareness to limit its emissions, and ensure the device as well as its traffic is encrypted. Check out Prism Break for more information on how to avoid state sponsored unlawful surveillance.

Re:a grain of salt for the fearmongering

[Obfuscant]

A pager routinely hits a cell tower and emits user-identifiable data that will always be relayed through a carrier network that is part of the state apparatus for spycraft.

Uhhh, no. My pager "hits" nothing. It is a receive-only device. It has nothing to do with cell towers.

The only "spycraft" is that the pager company can record the phone number of the caller. The message itself can be completely meaningless to anyone who intercepts it.

Pagers havent been safe since the DEA realized they could intercept them during drug investigations.

Depends. If the caller is using a burner or a phone unattached to him, then the DEA can intercept all they want. They aren't going to know that "34592" as a message means "the kilo of coke is ready for pickup at the regular location" unless they've extracted that info from one of the two parties involved. In that case, we're already toast.

Never trust anything that can communicate remotely

Your car, your phone, your tablet: all spying on you.

i'm also paying for my evidence collection device

[known_coward_69]

like if someone were to hit my car i can snap a location/date tagged photo after the event for evidence so the perp can't lie their way out of it. and my phone keeps a record of where i go, just in case the cops arrest me for something i didn't do like happened to a lot of people back in the good old days

"Something to hide"

[hackwrench]

I find it absurd how easily people don't realize that if you have a family, you do have "something to hide".

Re:Opting out

[fustakrakich]

Not really lost. We just have to "opt in" the entire ministry. We have cameras too. Let's make good use of the system. Since we can't stop the spying, let's just do what we can to remove the state's advantage.

Re:Never trust anything that can communicate remot

[mrchaotica]

My car can't spy on me; it was built before digital cell networks existed!

Re:i'm also paying for my evidence collection devi

[jxander]

A very useful tool in a society where you are assumed guilty and must prove your own innocence.

Its not about what I have to to hide TODAY.

[WolfgangVL]

Its about what I may want to keep to myself TOMORROW.

Nobody want your dick-pics....... until they make taking them a felony.... and then when you speak out against XYZ, you can be quietly dealt with, publicly shamed, and discredited.... all within the bounds of the law.

There was a time in my country when the people decided to make booze illegal. Maybe tomorrow some politic will make something *ELSE* I do every day illegal. See where I'm going with this? Nothing good will come of the vast stores of data we keep surrendering in exchange for pretty maps, trendy devices, and free email.

Ditch the smart-phone. Its not your ally. You don't really need it, and its making you less able. Its a crutch. Hell I know a guy who can't even drive home from work without a GPS system. I bet you know somebody like that too.

Buy yourself a dumb prepaid candybar (under your favorite cartoon characters name) if you REALLY feel you must have comms in your pocket, or your employment demands it you can make THEM buy it for you.

Your data has real VALUE. You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow, and maximize yesterdays ripoff today.

ZOMG GOVERNMENT is watching me! = sounds like crazy ravings on purpose.

Re:Never trust anything that can communicate remot

[exomondo]

But if it's registered to you and you drive it on public roads then the opportunities for surveillance and tracking are not that difficult to comprehend. Indeed it happens with a lot of police vehicles, major arterials and certainly on toll roads.

Re:Duh

[tlhIngan]

The two are not mutually exclusive. You can facilitate communication and hide it, that is the exact purpose of cryptography.

You can hide the content but not the communication.

Fact is, you communicated with someone. Both endpoints are known, and their approximate locations, too. We also know how long you talked (or remained connected), if your position moved, who called whom, etc.

See, the call has both the data (the content), and the metadata (information about the call). The metadata cannot be encrypted as it's required in the setup and billing of the call, and thus is available.

It's just like using encryption for your internet packets - TCP and IP headers are all in the clear as they cannot be encrypted (they're needed for the public network to be able to send your packet onwards to the destination)

Heck, analyze a bit and you may be able to glean the content just from the way the traffic is flowing - the compression and protocol behaviors often have a unique fingerprint so unless countermeasures are taken it can provide useful information.