Why You Should Care About Phone Metadata
Saw this over at Schneier’s Security site.
How your phone tracks your every move
His phone was leaving traces about 3x an hour and it wasn’t just GPS coordinates.
It is an ABC (Australian) report. They asked normal people to look at some metadata to figure out what they could know about a person. Bingo!
Be afraid. Be very afraid.
For everyone who doesn’t have an issue with this – fine. Send me all your emails, texts, tweets, G+ posts, FB posts, all contacts in every device you own, a list of everything you watch on TV, through Netflix, popcorn, all the torrents and photos from the last 6 months. After all, you don’t have anything to hide. Oh – and I don’t want just the nice, sanitized stuff. Send it all.
After all, you have nothing to hide.
Here’s what the public found in his metadata.
His final thoughts:
Having strangers poring over your data can be an unnerving experience but whether we’re aware of it or not that’s increasingly the case in the world we live in.
Powerline Ethernet Adapters
First, we all know that wired ethernet is best. If the bandwidth specified isn’t seen, there are other issues. It isn’t the wires.
However, there are times when some other network method is needed. Typically, that is wifi, but we’ve learned over the years that wifi sucks too. The advertised connection rates do not reflect real-world bandwidth. Getting even half that amount is lucky. We’ve learned to live with it, since for most people anything over 10 Mbps is fine.
Space Shuttle Software Presentations
Mr. Jim Orr has published some presentations about the space shuttle flight software program. I used to work on this project in the late 1980s thru the early 1990s.
- Lists the 19 in-flight (or terminal countdown) failures of the Space Shuttle Primary Avionics Software System, along with impact of failure and actions taken.
- Unique data from the space shuttle program. Data are shown as annual failure rate (in-flight, plus other failures found in testing or training) versus the actual number of unknown (at the time of flight) errors in the flown system.
The GN&C FSW for the shuttles was developed under a CMMI-5 process. We were optimizing our process to be as efficient as possible, yet 100% bug free. It was a unique experience.
Everywhere else that I’ve programmed since always had different priorities. Good enough software was the goal, nothing more. Schedule (which is really budget) was usually set by some marketing person.
Anyway, I hope you notice the reduction in found bugs from 1990 to 1994 in those presentations. Cool – huh?
That is what a dedicated team of people can accomplish when their goals align. I’ve also seen what happens when teams do not have the same goals.
Southeast Linux Fest 2015 Videos
You missed it! We had a great time! A fun time for like-minded people. Learned a little about some distros I didn’t know still existed. Learned a bunch about some things I knew little about – Angry Noob Syndrome – ANS, for example.
Whether you are a hard-core DevOps person, normal admin, end user, developer, or DBA, there were 4+ sessions for each and lots of interesting things you never knew about.
Ever wanted to get GigE speeds over wireless for your entire neighborhood from 40+ miles away from any other buildings? There was a session about that!
Ok – so here are the videos.
HDMI Splitters and Switches Fried Hauppauge 1512
I love the smell of burning electronics in the morning. NOT!
I’ve had an HDMI splitter and Hauppauge 1512 recorder for about 2 yrs. These devices have worked well together and allowed me to push HDMI content to the 1512, a monitor, and a projector all concurrently. Worked nice, but only supported 1 input and the 1512 only has drivers for Windows (booo).
So I picked up a J-Tech Matrix 4×2 HDMI switch/splitter to better control which inputs were sent to the different outputs without needing to swap cables anymore.
HDMI is a stateless connection, right? Perhaps not. Got everything connected and started having the matrix switch through the different inputs trying to see the output on either/both of the output devices. Didn’t appear that the handshake had worked, so I decided to disconnect the splitter and instead of it being just before the monitor, it would be in front of the matrix switch. As soon as the HDMI cable was connected to the Hauppauge device, I heard a little “Hiss” …. didn’t recognize it immediately, but then saw a little white smoke coming from the 1512 device. It sits alone on the rack here – plenty of airflow around it. First unplugged the HDMI cable, but that didn’t immediately stop the growing smoke, so I pulled the power input. That stopped the smoke and hissing, but the 5 seconds probably fried the innards completely. Hopefully, no damage to other connected devices has happened. Don’t know yet.
So … I’m in the market for a
- linux compatible,
- USB-connected (can’t use card-solutions),
- HDMI video,
- HDMI 5.1+ audio
recording device that doesn’t cost $2K.
Any ideas?
OwnCloud/Dropbox Replacement
I’m always confused when folks elect to put their data on someone else’s computer or storage. That is what using the cloud means.
It is really easy to have a private cloud where you host all the data from your broadband connected home with about the same power use as a high-efficiency LED light bulb. Plus by doing this, you can have remote access to all the compute power inside your house, through a highly secure connection, unlike what OwnCloud or Dropbox provide. Better. More secure. Under your control. What’s not to like?
CIA Operational Security Failures
Do you like Tom Clancy novels? Here’s a real-life story where the spies failed.
Operational Security, OPSEC, is hard. Even for the CIA.
Presentation by Matthew Cole of NBC News given at the Blackhat conference in 2013.
Seems that the metadata is more important than the actual conversation for cell phones. 25 minutes watching this video will make it clear even to non-technical people why we need to end US, state and local government spying on US citizens by the use of electronic means and license plate tracking.
Metadata alone was used by Italian authorities to identify about 18 US spies with 30 phones who snatched a suspect (Italian citizen) off the street in Milan in 2003. That person showed up about 14 months later in Egypt.
This was discovered from phone metadata using a tool called “Analyst’s Notebook.”
More on Passwords and Online Security
As another online website got hacked today and leaked userids, email addresses and passwords, I started thinking about what would solve this issue basically forever.
- don’t use the same password anywhere online. Always unique per login/website.
- if you can, use a unique login for every online identity. No need to let anyone connect-the-dots or get a hint about your email login from a blog website. This is more important for logins to financial services. I couldn’t tell you my brokerage userid – don’t know it – it is random.
- if you can, use a unique email address for all identities. These do not need to be anything more than email aliases, since receiving email and redirecting it to a real account is easy. No need to support “send”. If you don’t know what an email alias is, don’t worry.
- Definitely have a few different email addresses – 1 for social stuff online and a different 1 or 3 for financial stuff. If the social email gets hacked, that shouldn’t impact your financial email accounts at all.
- Lie on all password reset questions. Never tell the truth or the same answer for different websites. Keep your lies inside a password manager.
How to do these things easily? Use a password manager. Try it for a week, see if you don’t become addicted. More on KeePass
There are other uses for password managers too. Well worth your time.
If we do these things, no need to panic over having any social/google password db out there. Even if it were leaked as plain text, I wouldn’t care. It doesn’t matter. Don’t let any social website know your real email address or a password used anywhere else. Unique, random matters.
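The rules above can be checked against what is already stored in a password manager. The following is an added example, not code from the original post: it audits a constructed list of entries for each kind of reuse the list warns against. All sites, logins, addresses and answers are invented, and the field names are assumptions rather than any real KeePass export format.

```python
from collections import defaultdict

# Constructed sample: entries as they might be exported from a password manager.
# Every site, login, address and answer below is made up for illustration.
SAMPLE_ENTRIES = [
    {"site": "blog.example", "kind": "social", "login": "jdoe",
     "email": "social@mail.example", "password": "hunter2-A", "reset_answer": "Rex"},
    {"site": "photos.example", "kind": "social", "login": "jdoe",
     "email": "photos@mail.example", "password": "x9$Lq!27vTzp", "reset_answer": "q7Vd-blue-anvil"},
    {"site": "broker.example", "kind": "financial", "login": "k3vq9xtm2p",
     "email": "social@mail.example", "password": "hunter2-A", "reset_answer": "Rex"},
    {"site": "bank.example", "kind": "financial", "login": "z8rw4ncy1b",
     "email": "bank@mail.example", "password": "Tg4#pd0Wm!sE", "reset_answer": "m2Kp-green-lathe"},
]

def _reused(entries, field):
    """Map each value of `field` that appears on more than one site to those sites."""
    seen = defaultdict(list)
    for e in entries:
        seen[e[field]].append(e["site"])
    return {v: sites for v, sites in seen.items() if len(sites) > 1}

def audit(entries):
    """Return (rule, sites) findings for each piece of advice that is violated."""
    findings = []
    for field, rule in (("password", "password reused"),
                        ("login", "login reused"),
                        ("email", "email address reused"),
                        ("reset_answer", "reset answer reused")):
        for sites in _reused(entries, field).values():
            findings.append((rule, sorted(sites)))
    # Separate check: an address shared between social and financial accounts.
    kinds = defaultdict(set)
    for e in entries:
        kinds[e["email"]].add(e["kind"])
    for email, ks in kinds.items():
        if {"social", "financial"} <= ks:
            sites = sorted(e["site"] for e in entries if e["email"] == email)
            findings.append(("social and financial share an email", sites))
    return findings

if __name__ == "__main__":
    for rule, sites in audit(SAMPLE_ENTRIES):
        print(f"{rule}: {', '.join(sites)}")
```

An empty result means a leak at any one site exposes nothing that works or links anywhere else.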
Prefer F/LOSS security tools over commercial offers. Historically, commercial security vendors have misled their users or the marketing department simply lied.
KeePass and KeePassX are good. The source code is available for download and review by anyone. Security of the tool is not through anything hidden, just good encryption which currently cannot be broken when normal best-practices are used.
KeePassX is amazing.
T-mobile PAYG Plan Changed!
The fantastic t-mobile payg (Pay As You Go) plan that I’ve been using for 8+ years is gone. It was $0.10/min, no monthly minimum.
Now they’ve made it $3/month and include 30 minutes. For many years, I’d spent about $20-30/yr total, so this is about a 50% price increase to me at 12 x $3/mon = $48/yr. It won’t kill me and my prepaid account is active for 365 days still (I assume). Most people would talk at least 30 min worth in a month, which is fine.
When I’d travel, the plan would be changed to $2/Day Unlimited Talk, Text & 2G Web. That still exists, but they’ve added $10 for 7 days of LTE data (1G max). This $10 is additional and only provides data, not unlimited talk/text.
For example, just returned from Phreaknic and enabled the 2G unlimited stuff (talk/text and 2G data) for $2/day over 4 days = $8 total. Talked about 45 min in that time and used about 60MB of data for maps, GPS, directions. The signal always said 3G, but there were many places where no data flowed.
None of these PAYG plans provide any international roaming. So sad. Looks like picking up a €10-15 SIM after landing will still be the std procedure.
Update – 2015
Took a trip and was able to enable a 7-day $10 1G data plan on the $3/month pay-as-you-go plan. For some trips, this would definitely be useful, but not for my last trip. I visited family and knew the area a little. Using offline map too – FreeNAV and preloading a few highly-rated restaurants into the favorites removed any need for data. Basically, I used the data to check emails during the 4 days I was at a conference. Meh. Those could easily have waited until the evening. Even when driving, the data plan wasn’t very useful – FuelMyRide – a cheap gas android app has stopped providing service, so that wasn’t useful. I did look up a discount chain when on the road, but that definitely wasn’t worth $10.
In summary, t-mobile has made their add-on data plans too expensive to be useful for short trips. The $2/day plans were just right – not cheap, but I could justify it easily. $10/wk seldom makes sense for me.
I really miss the pure pay-as-you-go plan that didn’t have a monthly minimum charge. Oh well, they are still the best deal for my needs.
Update – April 2015
I feel screwed again by t-mobile. I’ll explain.
Normally, I add $10 to my PAYG plan every year. This has been working since 2007-ish. I never really checked the balance, since adding that $10 annually added to the prior balance and extended the length for another 365 days. Last fall (after I added minutes), there was $30+ on the account. My expectation was these were good for 365 days, just like they had been for years. I don’t really talk on the cell phone, not my nature.
Jump forward to March 2015 and a trip out of town so I add the $10/wk for 1G of data to my PAYG plan. Notice the account balance is $5.xx AFTER the $10 is taken out. Fine, time to add some more money, it will be good for a year after all. Looked at a retailer for a $100 card and not finding it, picked up a $50 card.
Today, added the $50 to my account and it said the minutes were good for 90 days!!! WHAT?!! What happened to 365 days? 10 minutes later and I found lots of other people like me pissed off at t-mobile – basically they removed the 365 day period and didn’t tell anyone. Further, they left all the old advertising up on their website. I can’t spend $50 in cellphone use within 90 days. Can’t be done.
So a few people are claiming that prior gold rewards accounts are grandfathered. I hope so.
Pulled this from the t-mobile website today – Apr 2, 2015
How can I get the most value for my refill money?
A: If you are a pay by the minute customer, add $100 in refills to attain Gold Rewards status. Customers who have reached Gold Rewards status get 15% more minutes with every refill and keep access to service for a full year.
When do my Gold Rewards rates take effect?
A: Once you have activated $100.00 in refills on a pay by the minute plan, you automatically qualify for Gold Rewards and will receive 15% more minutes with every future refill. And you’ll retain access to service for a full year!
Rygel A Simple DLNA Server
Sometimes you just need a simple DLNA server.
Rygel is just that. Easier than miniDLNA, lighter than all the others like Plex Server.
I didn’t have to configure anything – it sorta just worked.
It works with the BubbleUPnP Android DLNA server/client/renderer and with every other DLNA client that I’ve tried – though we use a plex server most of the time.