Category Archives: privacy

your smartphone is watching you

56/365: I-Spy.

I started playing around with Foursquare to see what all the fuss was about with those “hey look at me I’m at the grocery store” apps. On itself Foursquare turns this whole thing into a little game where you earn points and merit badges for exploring new and exciting places, which stimulates you to explore even more new and exciting places. It’s fun.

What I learned additionally while playing around with it, is that even without the GPS active on the phone, or the WiFi-localization mode which exists on any Android & iPhone device, Foursquare could figure out where I was pretty damn accurately.

So how does it do this?

Android for example can determine a phone’s location by using GPS, WiFi and cell-tower signals. So while some applications don’t work well without a GPS signal, it’s not really required to get a (not so accurate) fix on your location. So all any app really needs is an internet connection, your cellphone network data and possible some WiFi network info to get a pretty darn accurate idea where you are. Without even using the GPS function on your phone. Interesting.

This isn’t something shocking and new, but it is something to keep in mind when you’re installing random apps on your phone. These apps only need internet access to send your approximate location to whoever wants to know. No other security restrictions required.

EFF posted this interesting article about what cell-phone companies can do with the location data they collect from your phone. But with the advent of the smartphone, anyone who writes an app might be doing the same.

Photo by practicalowl, cc-licensed.

why camera surveillance in mechelen won't work

The Belgian city of Mechelen is planning to put up road surveillance camera’s up on all big exit and entry roads to the city. The reason for this is -of course- the same as it always is when it comes to invading your privacy: to increase security. The plan is to scan every license plate that passes the camera and hopefully be able to stop or catch burglars more easily and scare them away from Mechelen.

I don’t have to tell you how scanning every car’s license plate invades the general public’s privacy, but that’s the price to pay for additional safety isn’t it? The problem with this solution is that it’s called a “Club solution” in the IT world.

A club solution works as long as only a small club of users (cities in this case) use it. So camera surveillance might scare off crooks, but it won’t stop them. They will move to other cities which do not have the same solution. This somewhat forces the other cities to apply the same tactic. After a while every major city will have camera surveillance in place and your solution stops working. It’ll make crime harder, but it won’t stop it. So they will return to the most profitable cities since there’s surveillance in all of them by now anyway.

I’m sure that a hardened criminal won’t be stopped by this. There’s plenty of ways to circumvent the camera’s when you think about it. Fake license plates, stolen cars, disabling the camera’s or simply making sure you bypass them by taking smaller roads.

So we end up with the public being watched at all time and crime at the same rates as it used to be. Big Brother is born one step at a time.

Photo by nolifebeforecoffee, cc-licensed

we all need a pirate party

You’ve probably heard of them in the news. The Swedish Pirate Party is one that sprung from the Pirate Bay bittorrent search engine lawsuits and is a modern party which focused on issues concerning privacy and copyright which have changed considerably in the last decade due to the influence of the internet and modern technology. A while ago I heard that the Belgium government is trying to get a Big Brother bill (Dutch article) across to force ISP’s to keep records over a period of two years of all it’s customers internet usage. For one this is going to cost a shit-load which the consumer will end up paying one way or the other. We’re already one of the most costly European countries to have a broadband internet connection in without this measure, so this won’t help at all. Secondly this is also a huge infringement of our privacy. Europe suggest logs are kept somewhere in-between 6 months and 2 years. Funny that they are going for the maximum term on this. Why not take the short end and don’t bother ISP’s with the investment of keeping huge databases? The worst thing about this whole deal is the potential privacy infringements this could cause and for what? Huge databases sitting there to be exploited, hacked and sold on to the highest spammy bidder. I don’t like it a tiny bit.

So Belgium could use a Pirate Party to protect us from bills like this IMO.
Does your country have a Pirate Party?

Photo by country boy shane, cc-licensed

your website sucks in so many ways

Well, maybe not yours, but if it qualifies for the following rules, it does. So check em out.

  1. You can’t store my name. My name contains something called an umlaut which is used in Germanic languages like German (duh) and Dutch for instance. My name either turns up with a missing letter, or I get a funky character instead. It sucks. It means you can’t handle unicode or encoding properly. It sucks.
  2. You send me my password in plain text email right after I register. Well, ok, the email used HTML encoding, but that doesn’t make it any better. Email is not safe. Really, it isn’t, so I’m glad I didn’t use a password that looked anything like a password I use anywhere else. This makes me think your coders don’t know what they are doing.
  3. You chopped off my password after n characters and didn’t even warn me about it. Yep. As soon as I’m done registering I get this error message that my password is wrong. I just gave it to you silly twat, and it’s still in my copy buffer dammit, so it can’t be wrong!? Guess what happens when I do that password recovery thing by the way. Oh yeah. I get my password in plain text again, in my mailbox.
  4. I find out there are some privacy settings in my account settings which where not presented to me when I created my account. How odd? Not really. Apparently I automatically opted-in on a bunch of possibilities to commercially exploit my info. Nice… not. I hate spam. It sucks.

Most of these are so easy to come by that it’s sad to see these practices still in use. Try any good web 2.0 service and you’ll see how to avoid these pitfalls, and learn about encoding dammit. Also if you’re registered to the Belgian newspaper site of Het Nieuwsblad, make sure you check your privacy settings, and skip on some of the spam-features they have. They suck.

Photo by Sinsong, cc-licensed