China’s high-tech tool to fight toilet paper bandits

From the New York Times: China’s High-Tech Tool to Fight Toilet Paper Bandits.

BEIJING — The toilet paper thieves of the Temple of Heaven Park were an elusive bunch.

They looked like most park visitors, practicing tai chi, dancing in the courtyards and stopping to take in the scent of ancient cypress and juniper trees. But hidden in their oversize shopping bags and backpacks was a secret: sheet upon sheet of crumpled toilet paper, plucked surreptitiously from public restrooms.

Now the authorities in Beijing are fighting back, going so far as to install high-tech toilet paper dispensers equipped with facial recognition software in several restrooms. [continue]

Warrantless access in Canada

If you’re a Canadian who is concerned about privacy and digital rights, you’ll want to read the Vice article that shows “…the government is looking to restart a warrantless access program that had been declared unconstitutional.” How annoying is that?

Here you go, from Vice: Warrantless access.


A new kind of DNA evidence

Suppose your cousin leaves DNA evidence at a crime scene… and then police arrive at your door, because your DNA is similar to your cousin’s, and police found your DNA in a genealogical database. Does that seem like a good thing to you, or something from dystopian fiction?

If your DNA profile is in some database, this might happen. From JSTOR: A new kind of DNA evidence.

It was a high-profile crime in New York City—a jogger was murdered while running in a local park, and detectives had few leads. As the months passed and the crime remained unsolved, the victim’s family began pushing for wider use of familial DNA, or searching DNA databases for partial matches to DNA evidence that might represent a family member of the killer (the technique has been successfully used). Detectives eventually identified a suspect without it, but the idea of familial DNA testing is not going away. [continue]

Secrets from smart devices find path to US legal system

From phys.org: Secrets from smart devices find path to US legal system.

An Ohio man claimed he was forced into a hasty window escape when his house caught fire last year. His pacemaker data obtained by police showed otherwise, and he was charged with arson and insurance fraud.

In Pennsylvania, authorities dismissed rape charges after data from a woman’s Fitbit contradicted her version of her whereabouts during the 2015 alleged assault.

Vast amounts of data collected from our connected devices—fitness bands, smart refrigerators, thermostats and automobiles, among others—are increasingly being used in US legal proceedings to prove or disprove claims by people involved.

In a recent case that made headlines, authorities in Arkansas sought, and eventually obtained, data from a murder suspect’s Amazon Echo speaker to obtain evidence.

The US Federal Trade Commission in February fined television maker Vizio for secretly gathering data on viewers collected from its smart TVs and selling the information to marketers.

The maker of the smartphone-connected sex toy We-Vibe meanwhile agreed in March to a court settlement of a class-action suit from buyers who claimed “highly intimate and sensitive data” was uploaded to the cloud without permission—and shown last year to be vulnerable to hackers. [continue]

How does this make you feel about the electronic devices in your life?

The surprising things algorithms can glean about you from photos

This is an article I’ll be sharing with all my friends, because it’s important for us to understand the consequences one single photo can have.

Even if you do not tag the people in an image, photo recognition systems can do so. Facebook’s DeepFace algorithm can match a face to one that has appeared in previously uploaded images, including photos taken in dramatically different lighting and from dramatically different points of view. Using identified profile photos and tagged photos and social-graph relationships, a very probable name can be attached to the face. (…)

A person pounding the pavement of a city street can be identified and tracked block-to-block by the unique characteristics of her gait. (…)

Taking a photo or video in public isn’t illegal, nor is taking one with a person’s permission. It’s also not illegal to upload the file or store it in the cloud. Applying optical character recognition, facial recognition, or a super-resolution algorithm isn’t illegal, either. There’s simply no place for us to hide anymore. [continue]

That’s from Andreas Weigend’s article, The Surprising Things Algorithms Can Glean About You From Photos, published on Slate. I think you’ll want to read the whole thing.

A note at the bottom of the Slate article says, in part, “Andreas Weigend is the author of Data for the People: How to Make Our Post-Privacy Economy Work for You.” I am grateful for this Slate article – it has super information and will be a handy thing for me to send to friends and post on a certain bulletin board. So I’ve just bought Andreas’ book, as a way to thank him.

Oh, and about laws regarding the taking of photos: we had a house guest from the Netherlands a while ago. He said it’s illegal in the Netherlands to take photos of people without their permission. Really? That’s a great idea. I wish we had a similar law here.

Are any of you saying no when others want to photograph you?

An exaltation of links!

I’ve come across dozens of interesting things to share with you lately, but I’ve also been quite short of time. So here are a whole bunch of things I think you’ll like, all at once, for your weekend reading pleasure.

I’ve thought of doing this for a while now: occasional posts full of linky goodness. But a pleasing name for such postings failed to suggest itself to me, and so I was thwarted. This morning, though, the name arrived in my brain. This is An Exaltation of Links. Because why should the larks have all the fun?


More on the dangers of facial recognition software

This facial recognition stuff gets more chilling at every turn. Did you see this article from the Guardian a few days ago? SXSW panel opens window into dangers of facial recognition software.

He said that his facial recognition system is now so good at recognising races, a challenge in the past, that it can be used as a genealogy tool. “It’s coming back with the percentages of race the person is,” he said, mentioning someone who came up 12% Asian despite looking Caucasian. “Oh, I have a Chinese grandmother,” she said, according to Brackeen.

Brackeen said Kairos has been pushing for regulation, and that although he believes Kairos’ conduct is responsible, he could not say the same for some competitors. He mentioned FindFace, for example, the Russian company which made an app that could analyze images of people and match it to their social media accounts.

The app was supposed to be for finding friends, but members of online messaging board Dvach started using it to expose identities, harass porn actors and spam their families with the news of their discovery. [continue]

So here’s how it’s going. You’ll be out having a coffee at the neighbourhood cafe, and anybody with a camera will be able to take your photo, submit it to a facial recognition database, and find out more about who you are. What’s your name? Who’s your mamma? Where did your ancestors come from? And more.

Are you ok with that?

Genetic testing, privacy, and the law

If you have your DNA tested for genetic concerns, should the results be private? Or should you be forced to share that information with insurance companies and your employer? That issue is in the news this week. The USA moved in one direction (Guess what they decided – I know you can!) and Canada did the opposite.

Here’s what the US is doing:

And in Canada:

Over the objection of their own government, dozens of Liberal backbenchers voted Wednesday night in favour of a bill banning genetic discrimination.

In voting for what is known as Bill S-201, the backbench Liberals, along with all Conservative, NDP and Green Party MPs made it a crime for, among other things, insurance companies to demand potential customers provide a DNA test in order to get a policy. Additionally, no company will be able to deny someone a job if they fail to have their genes tested.

Protection from discrimination because of an individual’s genetic makeup will now be written into the Canadian Labour Code and the Canadian Human Rights Act. [continue]

That’s from the National Post article, Liberal backbenchers vote against Trudeau, pass law banning genetic discrimination.

Thank you, Canadian MPs.

Can facial recognition systems help save lemurs?

Look, a use of facial recognition technology that doesn’t invade my privacy, or yours! From phys.org: Can facial recognition systems help save lemurs?

Facial recognition is a biometric system that identifies or verifies a person from a digital image. It’s used to find criminals, identify passport and driver’s license fraud, and catch shoplifters.

Yes, and to invade the privacy of an entire populace, tracking innocent people who should be left in peace.

But can it be used to identify endangered lemurs in the jungles of Madagascar?

Yes, said Anil Jain, biometrics expert and university distinguished professor at Michigan State University.

Jain and his team modified their human facial recognition system to create LemurFaceID, the first computer facial recognition system that correctly identifies more than 100 individual lemurs with 98.7 percent accuracy. [continue]

Is Gravatar exposing your email address?

Do you use Gravatar to display a custom image next to your comments on various blogs? Or do you have a blog at wordpress.com? If so, Gravatar has your email address, and it might be easy for a hacker to figure out what that address is.

Wordfence explains the problem, and why it matters.

For example: A user may be comfortable having their full name and profile photo appear on a website about skiing. But they may not want their name or identity exposed to the public on a website specializing in a medical condition. Someone researching this individual could extract their Gravatar hash from the skiing website along with their full name. They could then Google the hash and determine that the individual suffers from a medical condition they wanted to keep private. [continue]
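An added example (not from Wordfence or this blog) of why the exposed hash works as a cross-site identifier, and one way a site owner could avoid publishing it. It assumes Gravatar's classic scheme, MD5 of the trimmed, lower-cased address; the address, page snippets and per-site keys are constructed, and `site_scoped_id` is a hypothetical helper for a site that serves avatars through its own proxy.

```python
import hashlib
import hmac
import re

# Classic Gravatar avatar URLs carry a 32-hex-digit MD5 of the e-mail address.
GRAVATAR_URL = re.compile(r"gravatar\.com/avatar/([0-9a-f]{32})\b", re.IGNORECASE)


def gravatar_hash(email):
    """MD5 of the trimmed, lower-cased address (Gravatar's classic scheme)."""
    normalized = email.strip().lower().encode("utf-8")
    return hashlib.md5(normalized, usedforsecurity=False).hexdigest()


def exposed_hashes(html):
    """Audit helper: every Gravatar hash a page hands to anonymous visitors."""
    return {h.lower() for h in GRAVATAR_URL.findall(html)}


def linkable(page_a, page_b):
    """Hashes present on both pages, i.e. accounts that can be tied together."""
    return exposed_hashes(page_a) & exposed_hashes(page_b)


def site_scoped_id(email, site_secret):
    """Hypothetical mitigation: a keyed, per-site avatar identifier.

    The site fetches the avatar server-side and serves it under this value,
    so the public page never contains the shared Gravatar hash.
    """
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(site_secret, normalized, hashlib.sha256).hexdigest()[:32]


# Constructed sample data: one person commenting on two unrelated sites.
EMAIL = "jane.doe@example.com"
SHARED = gravatar_hash(EMAIL)
SKI_PAGE = (
    f'<li><img src="https://www.gravatar.com/avatar/{SHARED}?s=48"> '
    "Jane Doe</li>"
)
MEDICAL_PAGE = (
    f'<li><img src="https://secure.gravatar.com/avatar/{SHARED}?s=32"> '
    "anon_4711</li>"
)

if __name__ == "__main__":
    # Same address, same hash, on every site that embeds the avatar directly.
    print("hash shared by both pages:", linkable(SKI_PAGE, MEDICAL_PAGE))

    # With per-site keys the published identifiers no longer match.
    ski_id = site_scoped_id(EMAIL, b"constructed-key-for-ski-site")
    med_id = site_scoped_id(EMAIL, b"constructed-key-for-medical-site")
    print("ski site id:    ", ski_id)
    print("medical site id:", med_id)
    print("linkable after mitigation:", ski_id == med_id)
```
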

For text message privacy, get Signal

From Brian X Chen’s Tech Fix article in the New York Times: Worried About the Privacy of Your Messages? Download Signal.

By the time you finish reading this column, you would be foolish not to download the messaging app Signal onto your smartphone and computer.

The free encrypted messaging service has won the acclaim of security researchers and privacy advocates, including Edward J. Snowden. All have said that Signal goes above and beyond other chat tools in keeping electronic communications private.

And now more than ever, we may need it. That’s because [continue]

I’ve been using Signal for ages now, and recommend it to everybody.

Google Chrome is listening, without your permission

I wish Google would take the lead in respecting privacy, rather than invading privacy. But no, we have news like this. From Privacy Online: Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth.

Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”. [continue]

Sigh.

Anonymous is supporting a new privacy-focused social network that takes aim at Facebook’s shady practices

From Business Insider: Anonymous is supporting a new privacy-focused social network that takes aim at Facebook’s shady practices.

As if there weren’t enough social networks out there, here’s another new social network. But this one hopes to attract the likes of online freedom activists, and it even wrangled the attention of Anonymous.

Minds.com is a social network like most others: It lets users share links as well as their thoughts with their followers via the usual status updates.

But Minds, which officially launched both its desktop and mobile apps today, hopes to entice users given its promise of security. The program is completely open source and encrypts all private messages sent between users.

“Our stance is the users deserve the control of social media in every sense,” Minds’ founder Bill Ottman told Business Insider.

This distinguishes itself from Facebook, which has long had questionable privacy practices.

Minds also promises to use a de-mystified algorithm to boost content. [continue]

Interesting. The registration page says Anonymous accounts are fine with us. So, hmmm, I’ll read through the terms of service and see if it might be worth trying. Do any of you use it?

Conservative app puts voter identification in campaign workers’ hands

The CBC brings news on how the Conservative Party of Canada tracks people: Conservative app puts voter identification in campaign workers’ hands.

An unusually talkative Conservative staffer may have inadvertently helped CBC News glean exclusive details of a new mobile technology that will help Prime Minister Stephen Harper’s team collect and sort voter information faster than ever before.

Conservative workers are already using a new smartphone and tablet-friendly app called CIMS to Go, or “C2G”, as party members call it.

CIMS stands for Constituent Information Management System, the Conservatives’ powerful voter information database. Along with voter lists and door-knocking data, anyone who has ever donated to the party, agreed to a lawn sign or even filled out an MP comment card is captured in the system.

The new app lets party canvassers log voter information directly into CIMS as they move door-to-door, [continue]

How do you feel about political campaign doorknockers entering details about you in a national database used by their party?

Facebook begins mass rollout of free bluetooth business “beacons”

From DailyTech: Facebook Begins Mass Rollout of Free Bluetooth Business “Beacons”.

Facebook announced this week a foray into the embedded wireless advertising market, offering up free Bluetooth beacons for business owners.

For those in New York City this may all sound somewhat familiar as Facebook has been testing the roughly hockey puck sized devices at a handful of partner sites around the city under the “Place Tips” program.

The idea is to inject items pertaining to the beacon-outfitted business into the News Feed on a user’s smartphone Facebook app to jump to the business’s page, encouraging likes, offering information, and to check out tips from your friends about the business you’re visiting. The beacons will offer:

  • Prompts to like the business’s Page
  • Check in reminders
  • Recommendations from your friends
  • Posts from the business’s Page (…)

In an attempt to assuage users’ concerns over this new so-called “proximity-based advertising” feature, [continue]

Just when I think Facebook can’t possibly get any worse, they do.

Tutanota for private and encrypted email

Should any snoopy individual or entity be able to read your email, or would you rather have private email? I’m opting for the private approach, myself.

If you’d like to have private and encrypted email, you might want to check out Tutanota. It’s hosted in Germany, where privacy legislation is pretty decent. It’s encrypted, open source, and pretty cool. Get an account for free and try it out!

I’ve been using Tutanota for a while now. It’s not perfect, but it is pretty fine, and is improving all the time. I like it. I’m particularly pleased that it is dead easy to use, even for those of your friends who aren’t so good at the whole internet thing.

The world says no to surveillance

Oh, look! The NYT has published an article by Edward Snowden: The World Says No to Surveillance.

MOSCOW — Two years ago today, three journalists and I worked nervously in a Hong Kong hotel room, waiting to see how the world would react to the revelation that the National Security Agency had been making records of nearly every phone call in the United States. In the days that followed, those journalists and others published documents revealing that democratic governments had been monitoring the private activities of ordinary citizens who had done nothing wrong.

Within days, the United States government responded by bringing charges against me under World War I-era espionage laws. The journalists were advised by lawyers that they risked arrest or subpoena if they returned to the United States. Politicians raced to condemn our efforts as un-American, even treasonous.

Privately, there were moments when I worried that we might have put our privileged lives at risk for nothing — that the public would react with indifference, or practiced cynicism, to the revelations.

Never have I been so grateful to have been so wrong. [continue]

Paypal sends ads on numbers it otherwise obtained

How annoying is this? Paypal sends ads on numbers it otherwise obtained.

Be careful when you sign PayPal’s soon-to-be-updated user agreement: new wording in the document means the company could soon be able to make phone calls and send text messages to numbers of yours that you didn’t give them. As noted by The Washington Post, the new agreement updates a clause that means PayPal can now contact you with “autodialed or prerecorded calls and text messages,” on numbers the company has “otherwise obtained” from other sources.

While the new agreement sounds invasive, it should be noted that under the current document, PayPal could also technically obtain numbers from various sources. The existing agreement specifies that the ways users provided a telephone number “include, but are not limited to” providing a telephone number at account opening, adding a telephone number to your account later, giving it to an employee, or by using it to call PayPal. The new document expands on these specific examples, making it clear the company can also draw numbers from data lists and match them to users. [continue]

This is not how to win friends and influence people, Paypal.

This reminds me to mention two things you might like.

  1. Paranoid Paul is a free privacy policy tracking tool; it will give you the heads-up on policy changes for sites you’ve said that you use.
  2. You get unwanted phone calls or text messages? Get some software to block that, kids, and that’s the end of that problem.

More about the PayPal nonsense

Disconnect files EU anti-trust complaint against Google

From the Electronic Frontier Foundation: Disconnect files EU anti-trust complaint against Google.

Disconnect Inc., a company that makes privacy protecting software, is fighting back after its Android apps were pulled from Google’s Play store.

Disconnect’s mobile app is designed to prevent non-consensual third-party trackers from collecting detailed profiles of how you use your Android phone (much like EFF’s Privacy Badger does in Firefox or Chrome). Additionally, whenever an app on your phone tries to download malvertising (malware distributed using advertising networks, including Google’s Doubleclick network and others), Disconnect intercepts the request and blocks it. Disconnect is even one of the few apps to protect against both Verizon’s injected IDs and Turn’s resultant ‘zombie cookies’. However Google has removed Disconnect from the Play store, claiming it violates their terms of service—specifically a section which forbids the distribution of apps that interfere with or disrupt the services of any third party.

As we’ve explained before, Google seems to be enforcing this clause in order to put its own profits ahead of the privacy of its users. By banning Disconnect Google has effectively said that users don’t get to control what data their phones transmit to third parties, if that control depends on apps distributed through the Play store. [continue]

I use and like Disconnect. Google’s behaviour here annoys me very, very much.

Apple’s Tim Cook on privacy

Apple has risen substantially in my estimation lately. Look at these articles from the Guardian:

And now this, from the Verge: Tim Cook: Silicon Valley’s most successful companies are selling you out.

Hurrah, Tim.

(I still use Linux, though.)

Encryption key to free speech, says UN report

From the BBC: Encryption key to free speech, says UN report.

Encryption software that makes it hard to spy on what people do and say online is “essential” for free speech, says a United Nations report.

Without anonymising tools, many people will find it far harder to express opinions without censure, it says.

Any attempt to weaken encryption software will only curb this ability, it warns.

The report comes as many governments seek to put “backdoors” in encryption software to aid law enforcement.

“Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief,” says the report written by David Kaye, a special rapporteur in the UN’s office of the high commissioner for human rights. [continue]

This is awesome.

Factory re-set leaves your data on Android phones

How annoying is this? From ZDNet: Think factory reset wipes your data from Android phones? Think again.

Diligent Android users may have done the right thing and factory reset their devices before selling them, but researchers have shown personal information can still be recovered from dozens of devices, even after they’ve been wiped.

As many as 500 million smartphones running older versions of Android may still be carrying data including Google and Facebook account details, SMS and email content that users would likely assume would be deleted from their devices after a factory reset. [continue]

This is one reason that I won’t be selling my old phone.

NSA planned to hijack Google app store to hack smartphones

Will the NSA ever stop trying to invade our privacy? Probably not. This is from The Intercept: NSA Planned to Hijack Google App Store to Hack Smartphones.

The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.

The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012. [continue]

This is why I’d like an open-source alternative to the app store. An open-source app source that is vetted by security professionals, and whose code can be inspected by anyone… well, that is probably our best protection against crap like this.

Signal, an encrypted messaging app for iPhone

From The Intercept: You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone.

App maker Open Whisper Systems took an important step in this direction today with the release of a major new version of its Signal encrypted calling app for iPhones and iPads. The new version, Signal 2.0, folds in support for encrypted text messages using a protocol called TextSecure, meaning users can communicate using voice and text while remaining confident nothing can be intercepted in transit over the internet.

That may not sound like a particularly big deal, given that other encrypted communication apps are available for iOS, but Signal 2.0 offers something tremendously useful: peace of mind.

Unlike other text messaging products, Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past. [continue]

By the way: if you happen to be an Android user, check out the Wickr program.