Got Google / Android? You ARE Being Tracked.

Makes me all happy, warm, and fuzzy that when I bought my (one and only) Android Tablet I deliberately bought it without any “radio” (for reaching a Telco as a cell phone) in it. It can only “connect” via WiFi and I can turn that off.

I ran into these two stories while looking for something else, but y’all ought to know that IF you have an Android / Google product, these issues must be addressed or it IS tracking you.

https://globalnews.ca/news/2746703/google-maps-timeline-why-a-little-known-google-feature-tracked-me-for-months/

June 11, 2016 11:00 am
Google Maps Timeline: Why a little-known Google feature tracked me for months
By Patrick Cain National Online Journalist, News Global News

Here’s why you need to start paying attention to Google Maps Timeline, an obscure Google feature you’ve probably never heard of.

I went over to a friend’s house a few days ago.

I arrived at 8:51 p.m. after a six-minute walk, and sat in the back yard until 10:11, a total of 80 minutes.

I don’t usually keep track of my life at this level of detail. But it turns out that between them, Google and my Android phone do.

Since April, when I got the phone and activated the Google Maps app, the phone has been reporting my comings and goings, all of which are mapped and are visible if I’m logged in to my Google account. Have a look at your version — there may be data on you.
[…]
Can I trust Google with all this data I didn’t know was being gathered? For the sake of argument, let’s say the answer is yes.

A search for “google maps timeline” creepy gets dozens of results. I see the point, and somewhat agree, but on the other hand we have to give Google credit for transparency.
[…]
Now, let’s change a few pronouns around. I’ll use myself as an example.

Cain’s Timeline in Google Maps helps you easily visualize the places he has been on a given day, month or year — providing a useful map of his life. This feature helps you visualize his real-world routines, easily view the trips he’s taken and get a glimpse of the places he spends his time.

Not surprisingly, police have started to explore the possibilities. Earlier this year, the FBI served Google with a warrant in which they sought Android location data which they hoped would place a California man they were investigating for bank robbery at the scene of the crime.

The data should be precise enough to place Timothy Graham in the Bank of America in Ramona, Calif. on the day in question, supposing he robbed the bank and was dumb enough to bring his phone along as well as the “painter’s mask, hat and glasses” that witnesses described to police.

One wonders how many military personnel have Android phones with maps turned on… and what a TLA (Three Letter Agency) would do to get their hands on all that data for all global governments and militaries…

https://globalnews.ca/news/4386516/turn-off-google-tracking-feature/

August 14, 2018 3:20 pm
Updated: August 15, 2018 10:12 am
Here’s how to turn off Google’s other tracking feature that you didn’t know about
By Patrick Cain National Online Journalist, News Global News

A while back, we told you about Google Maps Timeline, a little-known feature that provides a minute-by-minute record of your physical movements available to you — and anyone else with access to your account.

Like many of these features, it’s easy enough to turn off — once you know about it.
[…]
We had yet another reminder of this on Monday when the Associated Press reported that Google was tracking users’ movements through a completely separate process, much less transparent than Google Timeline, that still works even if you turn Google Timeline off.

“Even with Location History paused, some Google apps automatically store time-stamped location data without asking,” AP technology reporter Ryan Nakashima wrote. Users’ locations can be tracked to the square foot.
[…]
To chop off this particular head, however, here’s what to do:

In Activity Controls (follow this link: Google may want you to sign in again), and move the slider to the left:

Click Pause:

Has useful screen shots and interesting banter in the original so anyone on Android: Hit the link…

Or better yet, get a dumb phone…

Posted in Tech Bits | 24 Comments

Oh My! Nano Thermometers Are Not Determinant

https://phys.org/news/2018-08-hot-schrodinger-coffee.html

How hot is Schrodinger’s coffee?
August 14, 2018, University of Exeter

A new uncertainty relation, linking the precision with which temperature can be measured and quantum mechanics, has been discovered at the University of Exeter.

If you measure the temperature of your coffee with a standard over-the-counter thermometer you may find 90°C give or take 0.5°C. The temperature uncertainty in your reading arises because the mercury level in the thermometer fluctuates a little bit, due to microscopic collisions of the mercury atoms.

Things become more interesting when trying to measure the temperature of small objects, such as nanometer devices or single cells. To obtain precise measurements one needs to use tiny nanoscale thermometers made up of just a few atoms.

The team at Exeter has developed a new theoretical framework that allows the characterisation of small-scale thermometers and establishes their ultimate achievable accuracy. It turns out that under certain circumstances the uncertainty in temperature readings is prone to additional fluctuations, which arise because of quantum effects.

Specifically, tiny thermometers can be in a superposition between different temperatures, e.g. 90.5°C and 89.5°C, just like Schrödinger’s cat can be in a superposition between being dead and alive.

So I guess “Size Matters” ;-)

Posted in Science Bits | 4 Comments

F2F – Friend To Friend Networking

There are times when the Tech Geek perspective has you running off to “roll your own” only to find out dozens of others have already “gone there”. I was focused on P2P (Peer To Peer) data sharing and how to layer services on top of that, where others had gone on to F2F (Friend To Friend) systems.

Lately I’ve been looking at the next layer up from “provably secure computer” to “secure and private communications”. My (tech guy) POV was to start with a VPN and then add layers on top of it for things like voice and email. Turns out there are applications that already have the bundle up and running.

Now it will not be secure against a determined TLA (Three Letter Agency) as they can penetrate the vendors and download sites (and even create false apps that you think are safe but are compromised.) But few of us are of interest to the TLAs. For most folks, the desire is to just not get spam about Depends because you sent an email to an incontinent friend in the hospital, or have that “Buy this boat!” ad following around everyone in the house because you Googled boats… it is more than enough.

The key phrase to search is “Friend To Friend” or F2F networking.

Interesting sidebar:

This also turns up non-computer “friend to friend” shares that can also be interesting. My first search found a network of farmers looking to bypass the big Agra-Business control of seeds.

https://www.farmersbusinessnetwork.com/

Then there’s another one for financial transactions without banks:

This article describes it:

https://www.masternewmedia.org/news/2005/06/27/p2p_can_cut_banks_out.htm

Conceived by Ryan Fugger and quite formally defined by Sylvain Poirier, Ripple is a P2P monetary system based on trust that already exists between people in real-world social networks.

By cutting out the institutional middlemen, Ripple is both more community-oriented and more efficient as a means of exchange.

The Site: https://ripple.com/

So looks like this whole bypass Central Authority and Central Services thing is catching on ;-)

F2F For Data / Communications

First off, a Wiki List:

https://en.wikipedia.org/wiki/Friend-to-friend

A friend-to-friend (or F2F) computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication.

Unlike other kinds of private P2P, users in a friend-to-friend network cannot find out who else is participating beyond their own circle of friends, so F2F networks can grow in size without compromising their users’ anonymity. Retroshare, WASTE, GNUnet, Freenet and OneSwarm are examples of software that can be used to build F2F networks, though RetroShare is the only one of these configured for friend-to-friend operation by default.

Many F2F networks support indirect anonymous or pseudonymous communication between users who do not know or trust one another.
For example, a node in a friend-to-friend overlay can automatically forward a file (or a request for a file) anonymously between two friends, without telling either of them the other’s name or IP address. These friends can in turn automatically forward the same file (or request) to their own friends, and so on.
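An added sketch (not from the original post, Wikipedia, or any of the projects named) of the forwarding behaviour just described: each node talks only to its own friends, a request carries no originator field, and the answer returns hop by hop. The node names, topology and message fields are assumptions for illustration; real F2F software also encrypts and authenticates every friend link.

```python
import secrets
from dataclasses import dataclass, field


@dataclass(eq=False)
class Node:
    name: str
    files: dict = field(default_factory=dict)    # filename -> bytes held locally
    friends: dict = field(default_factory=dict)  # name -> Node: the only peers ever contacted
    seen: set = field(default_factory=set)       # request ids already handled (stops loops)
    observed: set = field(default_factory=set)   # every peer identity this node saw on the wire

    def befriend(self, other):
        """Mutual, out-of-band introduction: both sides add each other."""
        self.friends[other.name] = other
        other.friends[self.name] = self

    def fetch(self, filename):
        """Originate a request. Nothing in the message names the originator."""
        req_id = secrets.token_hex(8)
        self.seen.add(req_id)
        # The starting hop budget is randomised: with a fixed value, the first
        # friend could read the counter and conclude the sender is the origin.
        ttl = 4 + secrets.randbelow(4)
        return self._ask_friends(req_id, filename, ttl, exclude=None)

    def _ask_friends(self, req_id, filename, ttl, exclude):
        if ttl <= 0:
            return None
        for friend in self.friends.values():
            if friend.name == exclude:
                continue  # never bounce a request straight back to its sender
            self.observed.add(friend.name)
            data = friend._on_request(req_id, filename, ttl - 1, sender=self.name)
            if data is not None:
                return data  # passed back along the same chain of friends
        return None

    def _on_request(self, req_id, filename, ttl, sender):
        # 'sender' is the adjacent friend only; it may be a relay or the origin.
        self.observed.add(sender)
        if req_id in self.seen:
            return None
        self.seen.add(req_id)
        if filename in self.files:
            return self.files[filename]
        return self._ask_friends(req_id, filename, ttl, exclude=sender)


def run_demo():
    """Constructed topology: alice-bob-carol-dave, plus erin forming a loop."""
    nodes = {n: Node(n) for n in ("alice", "bob", "carol", "dave", "erin")}
    nodes["alice"].befriend(nodes["bob"])
    nodes["alice"].befriend(nodes["erin"])
    nodes["bob"].befriend(nodes["erin"])
    nodes["bob"].befriend(nodes["carol"])
    nodes["carol"].befriend(nodes["dave"])
    nodes["dave"].files["notes.txt"] = b"constructed sample file"
    data = nodes["alice"].fetch("notes.txt")
    return data, nodes


if __name__ == "__main__":
    data, nodes = run_demo()
    print("alice received:", data)
    for node in nodes.values():
        print(f"{node.name:5s} saw only: {sorted(node.observed)}")
```

The property holds only between non-adjacent nodes: every friend still sees the network address of the friends it connects to directly, which is why the choice of friends matters.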

I’d mentioned Retroshare (and the version on the Raspberry Pi called PiShare) in a series of off topic comments here:

https://chiefio.wordpress.com/2018/08/14/feynman-physical-law-locality-of-conservation/#comment-99007

And the larger context posting is here:

https://chiefio.wordpress.com/2018/08/13/computer-security-privacy-functions-an-overview-questions/

But the others in that Wiki quote also ought to be investigated / evaluated.

There is also a Friends Collective of sorts pushing F2F and distributed “altruistic” non-Central Services. This, too, is something that needs a look-see:

http://www.altruists.org/projects/ge/ff/

Along the way I ran into this interesting application:

https://twin.me/en/

Own your life online

User

“You” define how you are represented (name & image) to each of your contacts individually. You control your image and can change it at any time.

List

“White list” of personal contacts = only those “you” allow to get in touch with you. “You” decide who can reach you, how and when.

People

You are free to be open and interact with unknown people, including complete strangers. “You” can revoke a contact you do not want to hear from anymore at any time.

Spam

No unsolicited messages or calls, no harassment, no spam! “You” are in control!
and it’s free!

PEER-TO-PEER

No server in between to store exchanged content = messages always remain in the communicating devices.

OWN YOUR LIFE ONLINE

Mobile messaging & High Definition (HD) audio/video calls with freedom & privacy.

TWINME DOES NOT ACCESS NOR STORE

twinme does not access nor store any user private data. It does not peek into your device address book(s).
No Personal information

No personal information is required to use the service = no sign up with a phone number, email address or social network ID.

So literally “There’s an App for that!”

Now this does require that you TRUST the app builder and TRUST the download site; so since we don’t know the app builder and we do know that Google is in the bag with TLAs and Apple is slowly going there, I’d not use this for things TLAs might be interested in. Still, as a “quick get me running” with at least the corporate data vampires out of your neck; it looks pretty good.

Just for fun, I’m going to install it on my Android Tablet (if it isn’t too old and not supported…)

At that point I’ll need someone to test against, but I’ll cross that bridge when I get there.

As the Apple product is fairly secure, I could see using this for things like sharing gossip with friends and / or arranging meets. Were something TLAs or local police might be upset about being discussed, I’d not trust it beyond indirect or hinted text. While it in theory ought to be secure against that, you really do not know the two major trust points: the creator and the download site. (Why open source matters. You can check the code as can everyone else and you can compile it yourself so don’t need to trust the download binary).

This site also looks interesting as a place where folks are already doing the evaluation work:

https://www.deepdotweb.com/2017/12/19/messaging-apps-comparison/

Messaging Apps Comparison

Posted by: Puppie December 19, 2017 in Articles, Featured 4 Comments

With the attack on privacy in today’s world, having a means of secure messaging is more imperative than ever and within the world of the dark net and drugs this couldn’t be more true. Every day it feels like Big Brother’s shadowy talons are clawing us in and taking away more of our civil liberties and freedoms but with this has come the need to fight back. Because of this many feel that email is becoming an outdated means of communication with its centralized nature, lack of default encryption, requirement of trust and its bleeding metadata.

In this article I’ll be exploring some popular email alternatives and how they stack up against each other with the intent of showing you the options you have available as you face this brave new world. It’s important to remember that for a service to be truly useful it must be accessible by everyone and work universally across devices and different OS. Before we continue a few key points.

One “takeaway” in all this is just that the “problem” may be an embarrassment of riches. Choice in a complicated field of many players. That article limits to “accessible by everyone and work universally across devices and different OS” so will tend to ignore a great solution that only runs on a known secure environment system. Still, those widely used are most likely to be well debugged and reliable.

His key points:

PGP encryption is still a viable option and can be used with all these services, it should always be used when sending any sensitive content for extra protection.
Always use Tor or another anonymity service.
Installing these services on your system for darknet use can open you up to potential compromise, always verify your sources and preferably keep them separate, I would recommend using a dedicated VM.

Some notes about those points:

1) PGP. So say you were using “twin.me” to communicate. You mostly trust it, but would like a bit more. Well, you call your friend on the phone or meet at a public place and say “My encryption key is ‘One by one they ran into the valley of death’ so use that to open files I send you”. Now you can use the probably secure system to send an encrypted text file with the actual message in it. Even if the communications system is backdoored, they get nothing of interest.

2) Using TOR. To be truly anonymous, you must in some way hide your IP address of origin. That’s what the TOR engine does. Not everything needs this. Say I’m sending a “dirty picture” of me at the beach to my partner; I don’t really care if anyone knows that me and my wife communicate with each other. Were I sending directions on making hash oil to someone who sells me cocaine, well, I’d want the fact that “we’ve met” to be more hidden. (This example is used because you can find how to make hash oil on the open internet… and I don’t do coke, so the example can’t be used against me.)

3) Darknet. It is a shady place full of folks doing bad things, and The Feds (and national police from many nations) running stings and trying to catch the folks doing bad things. If you “go there”, it really is a good idea to do it via a “sock puppet” on a virtual machine somewhere else (and preferably that can not be traced back to you.) That’s way beyond what most of us need or care about. But, if that fits your use case: Learn to make and use VMs on providers in a few different nations and then have them do your TOR routing to final destination. Use an encrypted P2P / IPSEC tunnel to get to your VM and “rotate your shields” often… Make sure your VM does NO logging…

They only found three products to review based on those limits. One of them was Retroshare, but they also found i2pbote and Bitmessage. I’ll need to learn about those two and figure out which I like most, but for now I’m keen on Retroshare just because there is an open source Pi port of it and it does more than I need.

Here’s their write-up on Retroshare:

Retroshare

Official Site

Open Source– Yes

Decentralized– Yes

Hidden Metadata– Yes

External Security Audit– Yes, fixed promptly.

Message Speed Test– Instant with online nodes

Forward Secrecy– Yes

Compatibility– Windows, Mac, Linux, Tails (not official but possible), Whonix (incomplete), Qubes (incomplete)

Retroshare is a decentralized F2F where you make connections directly to the users of your choice which makes spying on communications near impossible. Because of this you’ll need to establish a line of communication with the intended recipient first to ensure you are connecting to each other. Retroshare sends messages directly which means both nodes will need to be online to connect and chat, indirect messaging can be done by both nodes having a common connection in between them to relay the message. It can be run over i2p or Tor; Tor use requires setting up a hidden service which some may find difficult but can be a great learning experience. I personally had no success setting it up in Whonix or Qubes with Tor but had success using it over i2p, you must use an anonymity with Retroshare or else everyone you connect to could see your IP address. Learn how to install Retroshare here.

Retroshare offers a wide range of services; IM, email, file sharing, VoIP, video calling, forums and channels making it by far the most feature rich anonymous messaging platform available. This wide range of features including the need for direct connections can make Retroshare less desirable for security conscious users as it increases your attack surface and still requires an external means of communication to start off. The lack of complete support for Whonix and Qubes also means many users will be using it with Tails, Windows or Linux on the same machine they do their darknet business on. Even though it offers some of the best protection I wouldn’t recommend Retroshare for our needs as it requires trust between users and faces difficulty in widespread adoption.

So he doesn’t recommend it but for exactly the reason I like it: You must know the person you’re working with. Remember I’m in that P2P mindset. I know my peers; or they are not my peers. I’m not running a darknet business advertising openly and selling hand-grenades to folks I don’t know, some of whom are FBI. Not my use case.

So, say I wanted to share some political private discussions with Larry L., I’d set up a direct trusted connection between us as I have a pretty good feeling about him and know his attitudes. I’m fine with that. This isn’t a drug deal with someone I don’t know who might be a nark, so I don’t need the “anonymity” feature. Further, if I did for God Only Knows what reason, I could run this from a “sock puppet” machine at a public WiFi hotspot and / or route through TOR (despite the slowdown of things…)

So that’s the direction I’m going. A test of twin.me and a trial install of PiShare / Retroshare.

If folks have some other option they would like explored or prefer, holler at me in comments. This isn’t set in stone, it is just where my “first look” is sending me.

Here’s the links to the other two that were evaluated if anyone wants to look them over;

https://i2pbote.xyz/

i2pBote is an asynchronous email client operating over the i2p network meaning communications are delayed which can add to your anonymity but can make communications slow and inefficient. These messages are kept in a distributed hash table for 100 days before they are deleted. Since i2pbote operates over the i2p network you will need to install that first, this makes installation on Tails unrecommended and with Whonix and Qubes, more difficult. The installation of i2p can seem daunting but is not out of a noob’s grasp with proper research, learn how to install i2p here and i2pbote here.

Not keen on “slow and inefficient” nor a 100 day residency time. The i2p network is a good product, but I’m not so sure this is the best way to communicate for simple privacy.

https://bitmessage.org/wiki/Main_Page

Bitmessage is a trustless, decentralized P2P encrypted messaging platform that works similar to Bitcoin with each message requiring a proof of work. Message and metadata is encrypted and distributed throughout all nodes on the network but only the address the message was intended for can decrypt the received messages. Messages that are sent to an offline node are rebroadcasted every 2 days indefinitely with a decreasing difficulty of work. There may be some older or low power machines that may have difficulty running Bitmessage due to the CPU work required.

OK, nicely trustless, but I’m not keen on the workload aspect nor on my encrypted message being circulated forever…

In Conclusion

F2F looks like the whole solution and not roll your own on top of P2P. I’m going to try two examples (one an app and one an open source install). If there are more of interest, I’ll eventually find them or folks can point me at them.

Posted in Tech Bits | 3 Comments

W.O.O.D. 14 August 2018

Intro

This is another of the W.O.O.D. series of semi-regular
Weekly Occasional Open Discussions.
(i.e. if I forget and skip one, no big)

Immediate prior one here:
https://chiefio.wordpress.com/2018/07/26/w-o-o-d-26-july-2018/
and remains open for threads running there
(at least until the ‘several month’ auto-close of comments on stale threads).

Canonical list of old ones here:
https://chiefio.wordpress.com/category/w-o-o-d/

So use “Tips” for “Oooh, look at the interesting ponder thing!”
and “W.O.O.D” for “Did you see what just happened?! What did you think about it?”

What’s Going On?

Facebook, YouTube (Google), Apple, Spotify, and more have gone on a Lefty Jihad against Conservatives. It is continuing even as conservative voices find other places to be. Since conservatives make up about 1/2 of the population based on voting patterns, I suspect it is a very bad idea to piss off 1/2 your customer base.

Google / Alphabet is large enough and pernicious enough with ad revenue that it will take a long time to show any impact from YouTube declines. FaceBook however is a one trick pony. I’m sure it isn’t related / important but…

FaceBook 1 year daily chart from 14 Aug 2018


That’s a loss of one year of gains almost overnight, and conversion of a strong uptrend into a downtrend. Some companies never recover from that kind of thing.

There are plenty of alternatives as we discussed here:
https://chiefio.wordpress.com/2018/08/07/infowars-now-on-bitchute/

Kilauea volcano is taking a break from erupting. Nothing much new there, but at any minute that could change.

The Mueller Witch Hunt continues to go nowhere, but that doesn’t stop the show. It does slowly expose the depths of depravity and hate among the conspirators on the Left in the FBI and DOJ. Strzok got fired, so one more down. I think it will take another 7 years to get the swamp cleaned up enough to notice.

Repeating from last posting is the rain issue: Massive rain and floods along the American East Coast.

Climate Paranoids are trying to keep the Ponzi afloat, but without American Cash are finding it difficult.

Then there’s the Turkish Lira. In a hard core free fall down about 15% in one day, 18% in two, 38% in 4 months. That’s gonna leave a mark… The ECB fears “contagion” (as they are going to lose bad in any tariff war with the USA and a “bad deal” or “no deal” BREXIT will stuff them more than Britain (as Germany is THE big exporter to Britain and the EU has a big trade surplus to lose)); I’d be worried about contagion too. But likely not to the same countries as the ECB is worried about.

https://www.nakedcapitalism.com/2018/08/ecb-fears-contagion-turkish-lira-collapse-bank-stocks-plunge.html

ECB Fears Contagion from Turkish Lira Collapse, Bank Stocks Plunge
Posted on August 11, 2018 by Yves Smith

Yves here. Apparently some Fed insiders have been arguing for more measured rate increases due to the fact that hot money exiting risking emerging economies could put them in a world of hurt, witness that Argentina and Pakistan have gone tin cup in hand to the IMF. But Turkey sits in a critically important location, and Trump’s tariffs have had the effect of kicking the country down the stairs. Turkey has already been Russia and the Chinese have meaningful stakes in the country.

On the banking front, the EU implemented the very badly flawed Bank Recovery and Resolution Directive, IIRC in early 2017. It’s a blueprint for creating bank runs. First, there’s no EU level deposit guarantee, and national deposit guarantees are supposed to get to be better funded, but now pretty much none are adequate. Second, it requires bail-ins, meaning creditors take a hit rather than taxpayers. That in theory might be a nice idea but banks are far too opaque for creditors to make intelligent decisions about them, so they can’t effectively discipline management.

In fact, CoCo bonds, one of the instruments designed to help ease conversion of debt to equity looks to have decreased rather than increased financial stability. From Bloomberg in March:
[…]
Now even the ECB is beginning to fret about the potential impact the plummeting Turkish Lira may have on Eurozone banks that are heavily exposed to Turkey’s economy via large amounts in loans — much of it in euros — through banks they acquired in Turkey. Given the plunge in the lira, companies have trouble servicing their euro loans and are beginning to default. And loans in local currency are plunging in value along with the currency. This is how the currency crisis in Turkey, which is turning into a debt crisis, could set off contagion effects among banks in France, Spain and Italy — a risk we have been exposing for two years.

The ECB is concerned that Turkish borrowers might not be hedged against the lira’s weakness and begin to default on foreign currency loans, which account for a staggering 40% of the Turkish banking sector’s assets, the FT reported. Turkey leads all other major emerging markets on total foreign-currency-denominated debt (including public debt), which hit nearly 70% of GDP last year (up from 39% in 2009).

Banks in Spain, France and Italy have estimated exposure to Turkey’s banking sector of around €135 billion. Spanish lenders alone reportedly are owed just over €80 billion by Turkish borrowers in a mix of local and foreign currencies. French and Italian banks are respectively due just under €40 billion and €18 billion.

Turkey is also funding some of the “Rebels” in Syria so that’s on the rocks, and then they wanted to buy a bunch of Russian military gear and that will be much harder.

Looks like that whole “Dictator in charge” thing with purges and arrests isn’t working out all that well for them.

In other news, the USA Economy is thriving and employment has risen to the point where hiring managers are finding they may have to actually offer better salaries and be less picky about hiring. Blacks, Hispanics, Asians, and even White Males (last on the Politically Correct Preference Quota List) are finding jobs at record rates. Hoist a glass of cheer to that!

Posted in W.O.O.D. | 71 Comments