Every phone has a unique IMEI that is broadcast along with the SIM card number. If they've done their homework, then they're tracking the IMEI as well as the SIM card.
But even if one or two people did as you did, it would be meaningless noise in the sea of data.
There are RFCs that cover the transmission of syslog messages in a secure fashion. 5424, 5425, etc.
There are tools that store syslog messages - in plain text - in a secure fashion.
syslog-ng is just one of them.
This post is "old" and nothing more than a group of people reinventing the wheel.
The *only* way to solve tampering with log data is to store it on another machine and hope hackers don't get to that.
If a hacker gains access to a system with log files on it, the best you can do is make the logging tamper-evident. This means that if the hacker modifies the data, in any way, it can be detected. This includes hash recalculation.
Making the system tamper-evident with hashes simply means that all hashes require a secret input and that the input is only ever stored on the system for the next entry. If you know the secret input for hash#0, then you can calculate the secret input for hash#n, but knowing the secret input for hash#n does not tell you what it was for hash#(n-1). Similarly, the secret input for hash#0 is not stored on the system.
This is not as stupid as it sounds, hence the reason that newer filesystems (such as ZFS) calculate checksums for all data independent of those used by the hardware.
Similarly, people use RAID in hardware not only to mitigate hardware failure but data corruption.
To a certain extent, storing data in formats such as ZIP/RAR offers you the ability to be aware of data being corrupted through the use of checksums but alas recovery is limited.
If/when storage devices have an error rate of 0, then the parent to this is a joke.
If I connect my laptop to your Wifi network because you do not have a password, is that connection authorised without you saying I can do it?
If I connect my laptop to your Wifi network because I know your network password (lets say I guess it), is that connection authorised without you saying I can do it?
If I create a "guest" login on a web server that has no password and someone logs into it without my authorisiation, is that against the law or not?
If that "guest" login also has "guest" as a password and a hacker guesses both and logs in without my authorisation, is that against the law or not?
The correct answer to all four of these questions is "no." Accessing a private resource that you have not been given prior authorisation to access is effectively trespassing. Think of it like someone walking onto your property because you don't have a fence. Whilst it maybe careless and inviting trouble, in no instance does that recklessness on the part of the owner give others the right to do what they choose.
Just because the radio data is being broadcast and you can receive it, you are not automatically entitled to access or use hardware that is transmitting it or connected to the transmitter. Consider that when you connect to a wireless network that you are communicating with a wireless access point, not just receiving its data, and thereafter sending data to that network.
It has already been admitted by Google that they received data from wireless networks that in turn required them to actually connect to those wireless networks.
In actual fact, there is only one possible outcome in every case where a government is investigating at that is for Google to be found guilty. If anything else happens then it could be argued that not even encrypted data is private. The question isn't about what form the data takes but whether a 3rd party has a right to access it without authorisation.
Lets say that I collect a month of your encrypted wifi data and then break all of your encryption keys. I then post it all over the web. The data was broadcast over the airwaves, therefore it was public. That it was encrypted was just you believing, foolishly, that the data was private and therefore unable to be accessed by others. How would you feel about that? Whether or not the data is encrypted is beside the point - you're broadcasting it to everyone within about 100', so why should you have any right to privacy as a result of that broadcasting? If you want your encrypted data to be private then data that is not encrypted must also be private. Electromagnetic waves have no specific property that says "I'm private" or "I'm encrypted". The presence (or lack thereof) of encryption is not a representation of whether or not something is or should be private. Start by accepting that all privately transmitted radio data is private unless you're specifically broadcasting for public benefit.
Were you given the same evidence to consider as the Australian Government?
Or are you just making blind assumptions about what you think happened vs what really happened according to the evidence provided by Google to the Australian Government?
In other comments on this activity, it appears that you are wrong and that Google *did* actually connect to private (even if insecure) networks and *did* collect more than beacon data.
If you have evidence that can show that Google did not collect personal data, by all means share it.
Note, that Google worked with the Australian government and undoubtedly handed over whatever data it had collected. I'm pretty sure that the Australian Government would have handed the data to people familiar (if not experts) with this type of activity and asked them to analyse it. Thus the "guilty" is quite likely founded on real evidence, whereas your post is likely based on speculation.
If Google is not guilty then I'm sure they will appeal this to the courts. If they don't then that is Google agreeing with the Australian Government and disagreeing with you.
Slashdot Mirror
Every phone has a unique IMEI that is broadcast along with the SIM card number. If they've done their homework, then they're tracking the IMEI as well as the SIM card.
But even if one or two people did as you did, it would be meaningless noise in the sea of data.
There are RFCs that cover the transmission of syslog messages in a secure fashion. 5424, 5425, etc.
There are tools that store syslog messages - in plain text - in a secure fashion.
syslog-ng is just one of them.
This post is "old" and nothing more than a group of people reinventing the wheel.
The *only* way to solve tampering with log data is to store it on another machine and hope hackers don't get to that.
If a hacker gains access to a system with log files on it, the best you can do is make the logging tamper-evident. This means that if the hacker modifies the data, in any way, it can be detected. This includes hash recalculation.
Making the system tamper-evident with hashes simply means that all hashes require a secret input and that the input is only ever stored on the system for the next entry. If you know the secret input for hash#0, then you can calculate the secret input for hash#n, but knowing the secret input for hash#n does not tell you what it was for hash#(n-1). Similarly, the secret input for hash#0 is not stored on the system.
http://wikileaks.ch/WikiSecrets-Julian-Assange-Full.html
If you watch the PBS interview then read the transcript of the interview to see what was really said and in what context.
PBS is alleged to have used and cut the interview to present Assange in an anti-American perspective.
This is not as stupid as it sounds, hence the reason that newer filesystems (such as ZFS) calculate checksums for all data independent of those used by the hardware. Similarly, people use RAID in hardware not only to mitigate hardware failure but data corruption. To a certain extent, storing data in formats such as ZIP/RAR offers you the ability to be aware of data being corrupted through the use of checksums but alas recovery is limited. If/when storage devices have an error rate of 0, then the parent to this is a joke.
If I connect my laptop to your Wifi network because I know your network password (lets say I guess it), is that connection authorised without you saying I can do it?
If I create a "guest" login on a web server that has no password and someone logs into it without my authorisiation, is that against the law or not?
If that "guest" login also has "guest" as a password and a hacker guesses both and logs in without my authorisation, is that against the law or not?
The correct answer to all four of these questions is "no." Accessing a private resource that you have not been given prior authorisation to access is effectively trespassing. Think of it like someone walking onto your property because you don't have a fence. Whilst it maybe careless and inviting trouble, in no instance does that recklessness on the part of the owner give others the right to do what they choose.
Just because the radio data is being broadcast and you can receive it, you are not automatically entitled to access or use hardware that is transmitting it or connected to the transmitter. Consider that when you connect to a wireless network that you are communicating with a wireless access point, not just receiving its data, and thereafter sending data to that network.
It has already been admitted by Google that they received data from wireless networks that in turn required them to actually connect to those wireless networks.
In actual fact, there is only one possible outcome in every case where a government is investigating at that is for Google to be found guilty. If anything else happens then it could be argued that not even encrypted data is private. The question isn't about what form the data takes but whether a 3rd party has a right to access it without authorisation.
Lets say that I collect a month of your encrypted wifi data and then break all of your encryption keys. I then post it all over the web. The data was broadcast over the airwaves, therefore it was public. That it was encrypted was just you believing, foolishly, that the data was private and therefore unable to be accessed by others. How would you feel about that? Whether or not the data is encrypted is beside the point - you're broadcasting it to everyone within about 100', so why should you have any right to privacy as a result of that broadcasting? If you want your encrypted data to be private then data that is not encrypted must also be private. Electromagnetic waves have no specific property that says "I'm private" or "I'm encrypted". The presence (or lack thereof) of encryption is not a representation of whether or not something is or should be private. Start by accepting that all privately transmitted radio data is private unless you're specifically broadcasting for public benefit.
Or are you just making blind assumptions about what you think happened vs what really happened according to the evidence provided by Google to the Australian Government?
In other comments on this activity, it appears that you are wrong and that Google *did* actually connect to private (even if insecure) networks and *did* collect more than beacon data.
If you have evidence that can show that Google did not collect personal data, by all means share it.
Note, that Google worked with the Australian government and undoubtedly handed over whatever data it had collected. I'm pretty sure that the Australian Government would have handed the data to people familiar (if not experts) with this type of activity and asked them to analyse it. Thus the "guilty" is quite likely founded on real evidence, whereas your post is likely based on speculation.
If Google is not guilty then I'm sure they will appeal this to the courts. If they don't then that is Google agreeing with the Australian Government and disagreeing with you.