[note: Editor's Post]
It's time, once again, to update our privacy policy. In short: Nothing has changed on our end.
Unfortunately that doesn't mean things haven't changed in the
Surveillance Capitalism 1 market.
So here are some of the ways in which you get tracked, harvested, packaged and resold.
note: References at the bottom of the post.
Smartphones: Trackers on steroids
By now, nearly everyone will have recognized that their smartphones do two things:
- It tracks and stores unlimited amounts of data about what you do, when you do it, where you go and it gathers unlimited amounts of data about the people you go with or hang around and gives that data it to people you don't know and that you have no idea what those people are doing with it.
Of course the apps all say that the ever trustworthy Google or Apple will protect you ... yeah, right ... exactly.
- It's an advertising delivery device. Sure it looks like it's making phone calls to your nearest and dearest but it primarily shovels up ads about stuff it thinks you would like to purchase. Whether you actually purchase the items touted or not, that information goes into that never ending squirrel cage of data about you.
More of Number 1 recycled back into Number 2: Infinite Loop. 2
Biometrics: Gathering the sheep...
Finger Print Readers: Press for Success
Many new smartphones and other devices are chiming on about all their "new security" features like fingerprint readers that will unlock your phone with a well, your finger print. In the old days, it took warrants to get a person to put their fingerprint On File but today lots of places would really like you to put it on your record (see Number 1) by simply asking you to "press here".
Face Recognition: We see you now...
These programs are now "the rage" and your phone and friends are most helpful with all those selfies and group shots where you tag (ID) your friends for the ginormous mug shot databases (see Number 1). Partial Face Recognition systems claim they can spot you in the background or while wearing that kewl Halloween mask. Are you faced away from the camera? No problemo there - they can shovel up the ad of what you are looking at just fine.
Emotional Face Printing: We feel what you feel..
Are you POed at something? Maybe you just won the lottery or Super Bowl office pool? Well, don't bother tying to blend in with the masses, the
Emotional Face Printing 3 folks are looking at your face and determining your emotional and stress levels by ... looking at your face. There are a ways of
categorizing your expression 4 into pigeon holes that allow systems to define your emotional response to things. If you are looking in a shop window and see something you like, your face lights up like "
It's a Nimbus 2000!!!". If you see something you don't like, disgust creeps right in there for the shop cameras to capture and analyze.
ID Chips: Not just for pets anymore
RFID chips 5 are great for tagging stuff. They help stores track inventory. Helps them watch when you pick up an item. They can track when you put it in your shopping cart and when you either hit the checkout stand (WIN) or drop it off in another part of the store (LOSE).
They are great at helping find lost pets. A quick scan at a Vets and if the chip is registered a loved pet is returned or an abandoned one can find a new home.
Now you too can have your very own Microchip Implant! 6 With a simple swipe of your hand you can open doors and verify who you are to ... well, those who want to know who you are.
Web Beacons: Crashing on the rocks
Web beacons 7 are now, oh so, passé, but they are everywhere. These are tiny "spots" inserted into the background of every web page, email, eBook and document. A given page may have A LOT of them. They have a simple trigger mechanism that shoots off a data message:
Kilroy Was Here 8, to the
people who put them on the page.
9 By using that dirty word: MATH, the placers of these beacons can tell how much of the page you read, how long it took you to read it and if you spent more time looking at .. oh... THE AD!!!
There are variations on the theme but this is the mechanism that lets Amazon know how much of a book you read and how long it will take for you to finish it. They also use it to determine if you stopped reading the eBook and if you picked it up again later. Some clever authors of eBooks selling under a
scheme at Amazon 10 used this to their advantage. If the reader made it to
The End, the author got more money, so the authors put their Table of Contents at the end of the book... Et VoilĂ !!
Remote Activation: On Camera!
While it may not seem to be the nice thing to do, smartphones, web cameras, microphones and speakers that have connections to each other can be turned on and off ... not just by you though. If you think your phone is Off.. maybe.. but likely it isn't. The phone may appear to be dormant but it may in fact continue to track and record your activities without any indications that the systems are in use. The little LED lights that normally indicate something is happening are just a convenience for you but not to others, so they don't turn them on. Your phone has the ability to cross connect these, like using the speaker/ear buds as a microphone. Off doesn't mean Off.
In many cases, the owner has granted this permission to an app for personal reasons but other people may not really appreciate being filmed and live streamed in the internet equivalent of
Smile! You're on Candid Camera! 11
Moving Forward ... maybe
So now, you get the picture or the web beacon has triggered, that there are a lot of ways that you can be tracked.. Oh Ho Hum... There are some newer things coming your way and some are here now.
Internet of Things (IoT): aka IDIOT devices.
Just when you thought you had your surveillance options under control here comes
IoT 12 to make sure you don't. In theory, IoTs will link all your desired items into one ginormous network controllable from your smartphone or computer. If there's an
App for It, you probably got an IDIOT device. Handy for turning on/off the lights from across town. Opening garage doors from miles away. Turning up the heat when no one is home so that it will be warmer when you walk in and the utility company will get to collect extra loot for heating an empty house. Those pennies all add up, just ask a bank if they will share a few...
So, IoTs have ... how can one describe this politely...
NO .... SECRUITY
OK, whew.. so what?
So, just about anyone and his dog, can open your garage door, or turn on/off your lights. Turn up/down the thermostat. Water your lawn for hours and hours. The basic security for the vast majority of IoTs consist of the most common passwords like:
- 0000
- 1234
- Password
- Admin
- Administrator
There are about 51+ variations of these and it turns out human beings just suck at making up passwords, but you already knew that.
We also use the same password over and over, but you knew that too.
Well IoTs are designed by the same sort of smart human beings; hence, less than 10 seconds after you plug in your IoT device a bad-dudette from the internet is going to take control of it and use to ... access YOUR internet connections.
What they do with it can be interesting. They may not be interested in you directly but the power of lots of these devices linked together can make a big dent in things.
In 2016, a
botnet 13 linkage of IoTs using
Mirai malware 14 was used to impact a
large portion 15 of the internet. While initial reports claimed
millions of devices were linked together for the attack 16 , in fact, only a few hundred thousand were needed in relayed attacks. IDIOTS are SMART
Oh.. did I mention? If you have an IDIOT device and you didn't change the password before you installed it, well... the only thing you can do is unplug it because there is no way to remove the malware(s) installed.
So, now consider how such a IoT botnet might be directed internally at you. As all these devices want access to the internet via your cable/Wi-Fi router. Once they have a linkage, the data feeding frenzy can happen at any time.
SIRI 17: So sorry we listened
IPA (aka Intelligent personal assistant) 18 is just another word for eavesdropping. Except mostly you agree to it or think it's a great deal. There are several aspects of this that may not be what you intended to happen. Voice capture has been around since
dictation 19 and
Dictaphones 20. Essentially we want to capture what was said and do something with it like: place an order... oh, oh, those ads again!
New electronic versions of this can be in your smartphone or sitting on your living room table to control your TV/Cable channels.
They basically LISTEN.
They listen to EVERYTHING.
They listen to everything ALL THE TIME.
Sometimes
they pretend to answer you 21 or do what you request like change the channel. Sometimes we pretend that they are just dumb machines when there are really people listening for command words and who then remotely punch the channel changer for you. Sometimes there really isn't anyone there at all,
it's just a computer chat bot programmed to reply in a generalized fashion 22.
So the latest ones sit in your home listening to everything going on. They are connected to your IDIOT devices and your smartphones and in a way travel with you everywhere you go.
And where is all that information going?
Why back to Number 1 and flowing into Number 2.
There are two basic aspects of voice control devices:
- IDing the Command 23
- IDing the Speaker 24
The more expensive listening bugs you buy and install yourself can do both. They know what you say and they know who is saying it. They need, or rather want, to know both of these because, well it tells them a lot about what you do and when you do it. They know who in the house wants to watch the sport channel and which members watch the morning cartoons. They want to know where you are in the room, so they listen to your heartbeat. As nearly everyone has a slight difference in heartbeats, the device can know where you are by listening to your heartbeat in relation to other sounds. The devices can do pretty good job of
triangulation 25. If you have guests, you can "introduce" them to the eavesdropping device and then your guests' voice and other biometrics can be uploaded too. Just another free hop on the gravy train for the ad agencies: Google/Apple/Facebook et al.
Don't burn the bacon!
Ultrasound: It's not a medical procedure
So far, some of these things don't appear to be linked like: your smartphone, your TV habits and your thermostat however, things are going to get more interesting and it's already happening.
Inside your smartphone are 3 types of communication systems; there are actually a
LOT more 26 but to simplify we can use just 3:
- Cellular Connection
- Wifi Connection
- Bluetooth Connection
So, while you think your phone is sleeping all these systems are active. They have various mechanisms for connecting to other devices but generically your smartphone is shouting:
HI!!! I'm a BIG MOUTH FROG 27 waiting for something to answer.
And guess what? Yeah not too hard to guess... LOTS of things answer and not everything is what you really would want to answer.
The Ad Dudettes, have figured ways to
capture all of these as you move around 28: you can be in an open space or in a mall, in your living room or bathroom, garage or sports arena. It's easier to find you in some areas than others but the Ad Chappies want to know what you are doing and they will do just about anything to locate you to find out. They use your phone's
Hi!!! I'm a BIG MOUTH FROG beacons to know within a very short distance where you are. If you also help them out with one of the fitness tracker wrist bands beaconing your heartbeat, health and precise GPS coordinates, they can find where you are pretty darn fast.
But it's not enough to just locate you, they want to:
Know You Better Than You Know Yourself 29
Remember it's about Number 1 and Number 2.
The major consumer benefit of indoor positioning is the expansion of location-aware mobile computing indoors. As mobile devices become ubiquitous, contextual awareness for applications has become a priority for developers.
Wikipedia Indoor Positioning System 30
One can safely say: no developer ever gave a R-A unless there was money involved. Money comes from ... well... SURPRISE! The Big Dog Ad Agencies. So finding you is a PRIORITY FOR ADVERTISING. CONTEXTUAL AWARENESS is EAVESDROPPING; they want to know what you are doing every minute and every second of the day.
It's not like there's a lot of variation though. Most folks are pretty regular in their habits.
- You wake up; go to the bathroom.
- You eat breakfast; go to the bathroom
- You go to work; go to the bathroom
- You eat lunch; go to the bathroom
- You work more; go to the bathroom
- You go home; go to the bathroom
- You eat dinner; go to the bathroom
- You watch TV; go to the bathroom
- You go to sleep; go to the bathroom as needed during the night
- REPEAT
Once in a while there is some variation in the list. You might go on vacation. You might go visit relatives or friends. You might go to the park. The variations you select say a lot about you and help the Addie Chappies select what to pitch to you.
The latest attempt to reduce your privacy to NONE is
Ultrasonic Cross Device Tracking.
31
... enables tracking of users across multiple devices, such as televisions, smartphones, and personal computers. Tracking users across multiple devices is made possible using inaudible sounds made by one device and picked up by the microphone of another device; these inaudible sounds are called "audio beacons".
Wikipedia Cross Device Tracking 31
Here's how it works....
- Everyone (except you) has to be ON the bandwagon. Phone makers, Hardware makers, OS makers, App makers, TV makers, IoT makers... basically EVERYONE who wants to SELL YOU SOMETHING
- These chaps will embed 2 types of systems in EVERYTHING.
- a listening system and
- a recording/reply system.
- They then embed a signal that triggers EVERY DEVICE in range to shout their I'M A BIG MOUTH FROG reply or to respond with a customized I'M A BIGGER MOUTH FROG reply.
- Oh did the part about INAUDIBLE get missed?
Yeah, YOU CANNOT HEAR IT.
- Oh did the part about PRE-INSTALLED get missed?
Yeah, YOU CANNOT OPT OUT.
- Oh did the part about getting A RESPONSE from ANYTHING in the area get missed?
Oh Yeah, it gets EVERYTHING.
Watching TV at home? All your IDIOT devices, pcs, smartphones, routers, water timers, thermostats, garage door openers, lights and your door locks will barf up their
BIG MOUTH FROG details.
Watching TV at the sports bar? All the patrons of the bar will have their devices barf up their
BIG MOUTH FROG details.
Taking a stroll around the block? If you pass by a storefront, street light, stop signal or even a waste bin, your device(s) will barf up their details to all those UN-HEARABLE sounds broadcasting on the
Twilight Zone Channel.
32
These
audio beacons can be embedded in nearly anything 33 that runs computer code: web pages, videos, newspapers, eBooks and lots more. The horizon is endless where
information can be plucked from the air 34 not just about you but plucked from all those around you and plucked from all those things around you too.
Still planning on buying that App Controlled Personal Massage Device? Hmmm....
So, while the options for data harvesting are nearly endless, there are some mitigations. You will have to dig to find them but there are many things you can do to slow it down. Here are 2 ezpz things you can do to start:
- Change your passwords to be unique 35
- Leave your smart phone at home or in the trunk of your car.36
In summary:
WE DO NOT TRACK YOU.
THEY DO.
References
1
https://en.wikipedia.org/wiki/Surveillance
2
https://en.wikipedia.org/wiki/Infinite_loop
3
https://en.wikipedia.org/wiki/Emotion#Basic_emotions
4
https://en.wikipedia.org/wiki/Contrasting_and_categorization_of_emotions
5
https://en.wikipedia.org/wiki/Radio_Frequency_Identification
6
https://en.wikipedia.org/wiki/Microchip_implant_(human)
7
https://en.wikipedia.org/wiki/Web_beacon
8
https://en.wikipedia.org/wiki/Kilroy_was_here
9
https://en.wikipedia.org/wiki/Facebook_Beacon
10
https://en.wikipedia.org/wiki/Kindle_Direct_Publishing
11
https://en.wikipedia.org/wiki/Candid_Camera
12
https://en.wikipedia.org/wiki/Internet_of_things
13
https://en.wikipedia.org/wiki/Botnet
14
https://en.wikipedia.org/wiki/Mirai_(malware)
15
https://en.wikipedia.org/wiki/Dyn_(company)
16
https://en.wikipedia.org/wiki/2016_Dyn_cyberattack
17
https://en.wikipedia.org/wiki/Siri
18
https://en.wikipedia.org/wiki/Intelligent_personal_assistant
19
https://en.wikipedia.org/wiki/Dictation_(exercise)
20
https://en.wikipedia.org/wiki/Dictaphone
21
https://en.wikipedia.org/wiki/Chatterbot
22
https://en.wikipedia.org/wiki/ELIZA
23
https://en.wikipedia.org/wiki/Speech_recognition
24
https://en.wikipedia.org/wiki/Speaker_recognition
25
https://en.wikipedia.org/wiki/Triangulation
26
https://en.wikipedia.org/wiki/Comparison_of_smartphones#Networks_and_connectivity
27
https://en.wikipedia.org/wiki/Types_of_beacons
28
https://en.wikipedia.org/wiki/Wireless_personal_area_network
29
https://en.wikipedia.org/wiki/Ultrasound_Identification
30
https://en.wikipedia.org/wiki/Indoor_positioning_system
31
https://en.wikipedia.org/wiki/Cross-device_tracking
32
https://en.wikipedia.org/wiki/The_Twilight_Zone
33
https://en.wikipedia.org/wiki/SilverPush
34
http://boingboing.net/2016/10/30/sneaky-ultrasonic-adware-makes.html
35
https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
36
https://theintercept.com/2016/11/12/surveillance-self-defense-against-the-trump-administration/