Items tagged with: surveillance

youtube-dl Is Not Gone


This headline had me really worried.

https://torrentfreak.com/riaa-takes-down-popular-open-source-youtube-dl-software-201024/

However, youtube-dl is not gone. It's only gone from GitHub, which all right-thinking projects have already left, anyway. (Check out https://codeberg.org/).

We can install youtube-dl now the way we always have.
sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
sudo chmod a+rx /usr/local/bin/youtube-dl

As someone pointed out to me a while back, you can also install it in distros where ~/bin is in PATH like this.
curl -L https://yt-dl.org/downloads/latest/youtube-dl -o ~/bin/youtube-dl
chmod 755 ~/bin/youtube-dl

This allows you to update youtube-dl without using sudo. We update youtube-dl with youtube-dl -U. It's necessary to update youtube-dl often.

See https://yt-dl.org/ for more info about youtube-dl.

#privacy #surveillance #freedom #youtube #youtube-dl #download #downloads #video #videos #invidious
RIAA Takes Down Popular Open Source YouTube-DL Software
 

If you're trying to anonymize photos, one step is using a tool like this to remove metadata. Another is resizing or changing the file type. It took several years for people to discover that most laser printers embed information identifying the specific printer into every page printed, and it's possible that digital cameras do the same. The most difficult step is figuring out how to release the photo to the public in a way that won't be easily traceable.
reshare from @Clarice Boomshakalaka Bouvier




Please share it



https://everestpipkin.github.io/image-scrubber/

#protest #tips #tech #metadata #photo #github

#surveillance
 
Don't bring your phones to protests, especially in Minnesota where they use Stingray Trackers and were last night.

If you own a twitter / facebook account, I don't, please share this information!


#Minneapolis #JusticeForGeorgeFloyd
#BlackLivesMatter #riot #protest #tech
#surveillance
 

Snowden warns: The surveillance states we’re creating now will outlast the coronavirus


Temporary security measures can soon become permanent

https://thenextweb.com/neural/2020/03/25/snowden-warns-the-surveillance-states-were-creating-now-will-outlast-the-coronavirus/

#coronavirus #covid19 #surveillance #privacy #permanent #snowden
 


Bruce Schneier: Emergency Surveillance During COVID-19 Crisis:

[A]ny data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:
  • Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
  • Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race -- rather than facts about a particular individual's actual likelihood of contracting the virus...
  • Expiration. ... The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
  • Transparency. Any government use of "big data" to track virus spread must be clearly and quickly explained to the public....
  • Due Process. If the government seeks to limit a person's rights based on this "big data" surveillance ... then the person must have the opportunity to timely and fairly challenge these conclusions and limits.
Abridged from original, well worth reading in full.

https://www.schneier.com/blog/archives/2020/03/emergency_surve.html

#covid19 #privacy #surveillance #surveillanceState #surveillanceCapitalism #BruceSchneier
 


The local police are telling people what I'm doing? I don't think I like it | ZDNet


#California #surveillance
 
Private WhatsApp groups visible in Google searches

Your #WhatsApp groups may not be as secure as you think they are


Google is indexing invite links to private WhatsApp group chats. This means with a simple search anyone can discover and join these groups including ones the administrator may want to keep private.

Does #Google care about your privacy and security? No.

Does #Facebook honestly care about your privacy and security? No.

https://www.dw.com/en/private-whatsapp-groups-visible-in-google-searches/a-52468603

#Facebook #chat #apps #privacy #security #surveillance #messaging #im
 

SHA-1 is a Shambles

First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust


https://eprint.iacr.org/2020/014.pdf

Below is the abstract from the article. The most concerning thing here is the ability to forge signatures of keys. As you know if you read my posts, I have always argued that we should never sign other people's keys. Even without the problem of possible forged signatures using the technique in the article, key-signing harms privacy.

The only key signature created by EasyGPG is the signature on a newly created key pair.

printf "${newkeyattr}" | env TZ=UTC gpg --homedir "${keydir}" --batch --use-agent --cert-digest-algo "SHA512" --s2k-cipher-algo "AES256" --s2k-digest-algo "SHA512" --s2k-mode 3 --s2k-count 32000000 --status-file "${temp}" --gen-key 2> /dev/null

Notice that SHA512 is used. As for signatures on messages and encrypted files, see below (after the abstract). EasyGPG always uses SHA512.

Abstract. The SHA-1 hash function was designed in 1995 and has been widely used
during two decades. A theoretical collision attack was first proposed in 2004 [WYY05],
but due to its high complexity it was only implemented in practice in 2017, using
a large GPU cluster [SBK+17]. More recently, an almost practical chosen-prefix
collision attack against SHA-1 has been proposed [LP19]. This more powerful attack
allows to build colliding messages with two arbitrary prefixes, which is much more
threatening for real protocols.
In this paper, we report the first practical implementation of this attack, and its
impact on real-world security with a PGP/GnuPG impersonation attack. We managed
to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia
GTX 970, identical-prefix collisions can now be computed with a complexity of 2^61.2
rather than 2^64.7, and chosen-prefix collisions with a complexity of 2^63.4 rather than
2^67.1. When renting cheap GPUs, this translates to a cost of 11k US$ for a collision,
and 45k US$ for a chosen-prefix collision, within the means of academic researchers.
Our actual attack required two months of computations using 900 Nvidia GTX 1060
GPUs (we paid 75k US$ because GPU prices were higher, and we wasted some time
preparing the attack).
Therefore, the same attacks that have been practical on MD5 since 2009 are now
practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes
and handshake security in secure channel protocols (TLS, SSH). We strongly advise
to remove SHA-1 from those type of applications as soon as possible.
We exemplify our cryptanalysis by creating a pair of PGP/GnuPG keys with different
identities, but colliding SHA-1 certificates. A SHA-1 certification of the first key can
therefore be transferred to the second key, leading to a forgery. This proves that
SHA-1 signatures now offers virtually no security in practice. The legacy branch of
GnuPG still uses SHA-1 by default for identity certifications, but after notifying the
authors, the modern branch now rejects SHA-1 signatures (the issue is tracked as
CVE-2019-14855).
Keywords:
$ grep "gpg" easygpg.sh | grep " -s " 
  encryptedText=`printf "%s\n" "${theText}" | gpg --homedir "${keydir}" -a --trust-model always --textmode -s -u "${senderID}" -e ${recipients} --no-emit-version --no-encrypt-to --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty -` 
  printf "%s\n" "${theText}" | gpg --homedir "${keydir}" -a --trust-model always --textmode -s -u "${senderID}" --no-emit-version --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty - | xclip -i -selection clipboard 
      (tar --numeric-owner -c "$(basename "${filename}")" | gpg --homedir "${keydir}" --trust-model always -a -s -u "${senderID}" -e ${recipients} --no-emit-version --no-encrypt-to --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty --yes -o "${savepath}" -) | zenity --progress --text="Encrypting..." --pulsate --auto-close --no-cancel 
      (tar --numeric-owner -c "$(basename "${filename}")" | gpg --homedir "${keydir}" --trust-model always -s -u "${senderID}" -e ${recipients} --no-emit-version --no-encrypt-to --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty --yes -o "${savepath}" -) | zenity --progress --text="Encrypting..." --pulsate --auto-close --no-cancel 
    tar --numeric-owner -c "$(basename "${filename}")" | gpg --homedir "${keydir}" -a --trust-model always -s -u "${senderID}" --no-emit-version --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty --yes -o "${savepath}" - 
    printf "%s\n" "${theText}" | gpg --homedir "${keydir}" -a --trust-model always --textmode -s -u "${senderID}" -e -R "${senderID}" --no-emit-version --no-encrypt-to --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty - > "${savepath}" 
    printf "%s\n" "${theText}" | gpg --homedir "${keydir}" -a --trust-model always --textmode -s -u "${senderID}" -e -R "${senderID}" --no-emit-version --no-encrypt-to --personal-digest-preferences "SHA512 SHA384 SHA256" --personal-compress-preferences "ZLIB BZIP2 ZIP" --personal-cipher-preferences "AES256 TWOFISH CAMELLIA256 AES192 AES" --use-agent --no-tty - > "${savepath}"

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography
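
An added example, not part of the original post and not EasyGPG code: one way to check whether signatures on a key were made with a weak digest (the SHA-1 concern raised in the abstract above) is to read the "digest algo" field that `gpg --list-packets` prints for each signature packet. The function names and the sample packet dump are constructed for illustration, and the key IDs are placeholders.

```shell
#!/usr/bin/env bash
# Added example: list signature packets whose digest algorithm is weak.
# OpenPGP digest algorithm IDs (RFC 4880): 1=MD5, 2=SHA1, 3=RIPEMD160,
# 8=SHA256, 9=SHA384, 10=SHA512.

# Constructed sample modeled on `gpg --list-packets` output.
# Key IDs and digest bytes are placeholders, not real values.
sample_packets() {
cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1500000000, expires 0
:user ID packet: "Alice Example <alice@example.invalid>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1500000000, md5len 0, sigclass 0x13
    digest algo 10, begin of digest 3c 1f
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1500000100, md5len 0, sigclass 0x10
    digest algo 2, begin of digest 9a 42
:signature packet: algo 17, keyid CCCCCCCCCCCCCCCC
    version 4, created 1500000200, md5len 0, sigclass 0x00
    digest algo 8, begin of digest 77 01
:signature packet: algo 1, keyid DDDDDDDDDDDDDDDD
    version 3, created 1400000000, md5len 5, sigclass 0x10
    digest algo 1, begin of digest 5e d0
EOF
}

# Reads a packet listing on stdin and prints one line per weak signature:
#   <issuer keyid> <sigclass> <digest name>
# sigclass 0x10 to 0x13 are certifications of a user ID (key signatures).
weak_sigs() {
  awk '
    /^:signature packet:/ {
      # Start of a new signature: remember who issued it.
      keyid = "unknown"; sigclass = "?"; insig = 1
      for (i = 1; i < NF; i++) if ($i == "keyid") keyid = $(i + 1)
      next
    }
    /^:/ { insig = 0; next }          # any other packet ends the signature
    insig && /sigclass/ {
      for (i = 1; i < NF; i++) if ($i == "sigclass") sigclass = $(i + 1)
      next
    }
    insig && $1 == "digest" && $2 == "algo" {
      algo = $3; sub(/,$/, "", algo)  # strip the trailing comma
      name = ""
      if (algo == "1") name = "MD5"
      else if (algo == "2") name = "SHA1"
      else if (algo == "3") name = "RIPEMD160"
      if (name != "") print keyid, sigclass, name
      insig = 0
    }
  '
}

# Demo on the constructed sample. On a real keyring the input would come from:
#   gpg --export <key id> | gpg --list-packets | weak_sigs
sample_packets | weak_sigs
```

An empty result means no signature in the listing used MD5, SHA-1 or RIPEMD-160; any line printed with sigclass 0x10 to 0x13 is a certification of the kind the paper shows can be transferred to another key.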
 


Dutch Ruling a Victory for Rights of the Poor | Human Rights Watch


Good news!
#surveillance #humanRights
 

Day 2 #36C3: #Vortragsempfehlugen (talk recommendations) for social and community workers


You can find the livestreams here, sorted by room: https://streaming.media.ccc.de/36c3/

Sat, 28.12.2019 #digitaleSoA #servicepost #livestream #ccc #talks #aboutsocial
 

Surveillance company FinFisher uses lawyers to take action against our critical reporting

#Netzpolitik #FinFisher #Überwachung #Surveillance #Security #Privacy #Internet
 
I do not use WhatsApp, for what it's worth, nor any other software owned or operated by Facebook. (I recommend Signal instead of WhatsApp.)

Facebook, WhatsApp Will Have to Share Messages With U.K. Police

"Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter."

"The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said."

#Facebook #WhatsApp #surveillance #privacy
 

The fashion line designed to trick surveillance cameras | World news | The Guardian


Thanks to @Antti Brax
#surveillance

@Daily Anarchist Meme For Cool People This is creative!
 
Police in Canada Are Tracking People’s ‘Negative’ Behavior In a ‘Risk’ Database - VICE

@Su Ann Lim I just read this article and it's crazy that this system is built. Reminds me of the Chinese social score system.

#Canada #Surveillance
 

Interview: China’s ‘Big Brother’ App | Human Rights Watch


The app provides an unprecedented window into mass surveillance in Xinjiang. It aggregates data – from people’s blood type and height, to information about their electricity usage and package deliveries – and alerts authorities when it deems someone or something suspicious. It is part of the Integrated Joint Operations Platform (IJOP), the main system for mass surveillance in Xinjiang. Human Rights Watch “reverse engineered” the app, and Nazish Dholakia spoke to Human Rights Watch senior China researcher Maya Wang about what the process revealed.

@Bernd Paysan

#BugBrother #China #App #Surveillance
 
#AI #surveillance #escape

This colorful printed patch makes you pretty much invisible to AI - The Verge



The rise of AI-powered surveillance is extremely worrying. The ability of governments to track and identify citizens en masse could spell an end to public anonymity. But as researchers have shown time and time again, there are ways to trick such systems.

The latest example comes from a group of engineers from the university of KU Leuven in Belgium. In a paper shared last week on the preprint server arXiv, these students show how simple printed patterns can fool an AI system that’s designed to recognize people in images.

If you print off one of the students’ specially designed patches and hang it around your neck, from an AI’s point of view, you may as well have slipped under an invisibility cloak.

As the researchers write: “We believe that, if we combine this technique with a sophisticated clothing simulation, we can design a T-shirt print that can make a person virtually invisible for automatic surveillance cameras.” (They don’t mention it, but this is, famously, an important plot device in the sci-fi novel Zero History by William Gibson.)
 
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.

There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.

There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.

My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.

Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.

They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.

Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.

There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.

Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption
 