Tech Letter

Fresh Technology Insights

Category: Geolocation

Researchers at Mysk show how any and all apps on your iOS devices have free and unrestricted access to everything that goes onto the clipboard

Developers at Mysk created a simple app with the sole purpose of displaying information gleaned from the clipboard, without user knowledge or consent.

When users copy images onto their clipboard, for example, the app can immediately read the content, including metadata that often includes the location of where the photo was taken.

The video demo below goes onto show that even the installed widgets can silently collect all data copied to the clipboard, without user knowledge.

Here’s a detailed explanation.

US Homeland Security Dept has purchased access to at least one database to track the locations of millions of mobile phones and is using the info in immigration and border controls and possibly other secret government surveillance programs

If the headline surprises you, you haven’t been paying attention. This has been going on for years. Ask Snowden.

What I’d like to know is how much tracking is DHS doing outside it’s borders?

US Department of Homeland Security (DHS) acknowledges tracking millions of smartphone users within the USA, despite a Supreme Court order limiting it’s authority to do so. DHS will not state how the data is being used.

Byron Tau and Michelle Hackman, Wall Street Journal »

The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement, according to people familiar with the matter and documents reviewed by The Wall Street Journal.

The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone’s location.

More » Apple Insider

US Army bans soldiers from using TikTok » The app is considered a “cyber threat”

 Justine Calma, The Verge »

United States Army soldiers can no longer use TikTok on government-owned phones following a decision to ban the app. The move comes amidst ongoing worries that the video app owned by Beijing-based company ByteDance could compromise national security or be used to influence or surveil Americans.

“It is considered a cyber threat,” Army spokeswoman Lt. Col. Robin Ochoa told Military.com, which broke the news on December 30th. The army reportedly used TikTok to recruit members prior to the ban.

Both the Navy and Defense Department sounded alarms on TikTok earlier this month. The Navy previously told its members not to add the app, and to delete it from government-issued devices if it was already installed. The Defense Department also instructed employees to “be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information,” according to military.com.

More » CNN

Related » US Navy Bans TikTok From Military Devices » Security Boulevard (Dec 27, 2019)

More » BoingBoing, The Next Web, SecurityAngle

Related » TikTok eyes global headquarters outside of China as US scrutiny mounts – Tech in Asia (Dec 24, 2019)

More » WSJ

NY Times journalists answer » What’s the worst that could happen to your smartphone data?

NY Times »

None of us really has a choice to participate in tracking or not — the system just serves up location data, usually without us noticing. So for people who do want a bit of privacy — worshipers, young people visiting Planned Parenthood, those visiting a queer space, survivors hiding from an abuser — they no longer have a real choice about their privacy. Because the tracking touches everyone, can we really give up after concluding it’s fine for us? When we participate in this system, we’re tacitly endorsing it.

[…]

Your imagination can run wild with possibilities. It runs from tracking kids to tracking the nation’s top security officials and using the intelligence for some kind of blackmail.

For us, it was talking to one group that was so concerned they didn’t want to be named. We expected them to be worried, but in conversations with them, they were downright scared. When we showed them all the device pings collected in the center of their building during a gathering, they were horrified that people could know exactly who and how many people were in the building and when. The idea that their community members were followed in the data and we could figure out where they all lived — it wasn’t an abstract threat anymore. It was real and personal for them, especially since they felt like a target already.

ToTok is a United Arab Emirates (UAE) spy tool [Updated]

If you have messaging app ToTok on your smartphone, you will probably want to delete it. It is actually a repressive government’s spying tool.

Apple and Google have removed the app from their app stores.

Mark Mazzetti, Nicole Perlroth, and Ronen Bergman, writing in the NY Times (paywall) »

But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm.

More » Associated Press, Security Boulevard, The Mac Observer, The Register, Wired

There are similar concerns with other apps »

» U.S. Navy bans TikTok from government-issued mobile devices – Reuters

Updated Saturday December 28

» Not surprisingly, UAE denies developing the app as spy tool – SecurityWeek

Be paranoid about privacy

Kara Swisher, NY Times (paywall) »

Privacy has been losing badly, as users have become the online equivalent of cheap dates to these giant tech companies. We trade the lucrative digital essence of ourselves for much less in the form of free maps or nifty games or compelling communications apps.

We’re digitally sloppy, even if it can be very dangerous, as evidenced by a disturbing New York Times story this week about an Emirati secure messaging app called ToTok, which is used by millions across the Middle East and has also recently become one of the most downloaded in the United States.

The name was obviously used to place the app adjacent to the hugely popular TikTok, already under scrutiny by American officials because of its Chinese origins and possible link to the Beijing government. In the case of ToTok, according to the Times report, it turns out that it is a spy tool “used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.”

Colleges are turning students’ phones into surveillance machines, tracking their locations, and grading them on class attendance

Drew Harwell, Washinton Post (paywall) »

When Syracuse University freshmen walk into professor Jeff Rubin’s Introduction to Information Technologies class, seven small Bluetooth beacons hidden around the Grant Auditorium lecture hall connect with an app on their smartphones and boost their “attendance points.

And when they skip class? The SpotterEDU app sees that, too, logging their absence into a campus database that tracks them over time and can sink their grade. It also alerts Rubin, who later contacts students to ask where they’ve been. His 340-person lecture has never been so full.

“They want those points,” he said. “They know I’m watching and acting on it. So, behaviorally, they change.”

Apparently, neither professors or the schools take any issue surveilling and invading the privacy of their students.

Knowing that you are being watched, doesn’t make it more correct.

Short-range phone sensors and campuswide WiFi networks are empowering colleges across the United States to track hundreds of thousands of students more precisely than ever before. Dozens of schools now use such technology to monitor students’ academic performance, analyze their conduct or assess their mental health.

[…]

The students who deviate from those day-to-day campus rhythms are flagged for anomalies, and the company then alerts school officials in case they want to pursue real-world intervention.

But then there’s the optics of it all »

Carter said he doesn’t like to say the students are being “tracked,” because of its potentially negative connotations; he prefers the term “monitored” instead. “It’s about building that relationship,” he said, so students “know you care about them.”

The world’s biggest surveillance network gives Chines authorities police vast powers to monitor regular people

Chinese authorities can scan your phones, track your face, and find out when you leave your home. And this is only the beginning.

Paul Mozur and Aaron Krolik, writing in The New York Times »

Chinese authorities are knitting together old and state-of-the-art technologies — phone scanners, facial-recognition cameras, face and fingerprint databases and many others — into sweeping tools for authoritarian control, according to police and private databases examined by The New York Times.

Once combined and fully operational, the tools can help police grab the identities of people as they walk down the street, find out who they are meeting with and identify who does and doesn’t belong to the Communist Party.

The United States and other countries use some of the same techniques to track terrorists or drug lords. Chinese cities want to use them to track everybody.

Read the whole story in The New York Times »

DNA is probably the only thing that’s harder to anonymize than geolocation data

There are things we can do to limit our exposure, from choosing privacy forward phones, carefully considering which apps we load onto them, questioning why a particular app is asking to know my location or other personal information, and giving proper consideration to the permissions and settings we allow our apps and phones to have. But privacy protections will come only when federal and international legislation is enacted to limit what companies and governments can do with the data collect. Until then, we are all at risk

Stuart A. Thompson and Charlie Warzel, N.Y. Times »

Today, it’s perfectly legal to collect and sell all this information. In the United States, as in most of the world, no federal law limits what has become a vast and lucrative trade in human tracking. Only internal company policies and the decency of individual employees prevent those with access to the data from, say, stalking an estranged spouse or selling the evening commute of an intelligence officer to a hostile foreign power.

Companies say the data is shared only with vetted partners. As a society, we’re choosing simply to take their word for that, displaying a blithe faith in corporate beneficence that we don’t extend to far less intrusive yet more heavily regulated industries. Even if these companies are acting with the soundest moral code imaginable, there’s ultimately no foolproof way they can secure the data from falling into the hands of a foreign security service. Closer to home, on a smaller yet no less troubling scale, there are often few protections to stop an individual analyst with access to such data from tracking an ex-lover or a victim of abuse.

[…]

“D.N.A.,” he added, “is probably the only thing that’s harder to anonymize than precise geolocation information.”

Your apps know where you were last night, and they’re not keeping it secret

Natasha Singer, The NY Times via The Irish Times »

An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than one million phones in the New York area that was reviewed by The New York Times. While Magrin’s identity was not disclosed in those records, reporters were able to easily connect her to that dot.

The app tracked her as she went to a Weight Watchers meeting and to her dermatologist’s office. It followed her hiking and staying at her ex-boyfriend’s home, information she found disturbing.

“It’s the thought of people finding out those intimate details that you don’t want people to know,” said Magrin, who allowed The Times to review her location data.

Like many consumers, Magrin knew apps could track people’s movements. But as smartphones have become ubiquitous and technology more accurate, an industry of snooping on people’s daily habits has spread and grown more intrusive.

Read the whole article in The Irish Times »

First published in the NY Times »

© 2020 Tech Letter

Theme by Anders NorenUp ↑