PLEASE READ!!!

***** ALL users will have to request a password reset BEFORE you will be able to log into the forum. See the thread in the forum issues section for further instructions. If you have issues with this, email us at admin@urbanohio.com. *****

Author Topic: Security and Privacy  (Read 1081 times)

0 Members and 1 Guest are viewing this topic.

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #30 on: February 12, 2018, 03:20:13 PM »
Curious if you can share any non-identifying info/stories/parables.

I'll scrub this down.

But currently, a client of mine sent the down payment for his mortgage to a false bank account in Romania. Our contention is that the hacker was able to get to the escrow agent's email address and, through basic surveillance of the account, knew my client would be closing on his home very soon. As such, the hacker established a phone # in the area code and duplicated the escrow agent's email address, solicited the funds via email and called the client to confirm over the accuracy of the account info over the phone. It's all gone now.

.... for the moment at least.  ;)
« Last Edit: February 12, 2018, 03:23:42 PM by YABO713 »

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #31 on: February 12, 2018, 03:22:56 PM »
Would setting the FB app mic or the Alexa mic to “off” negate this?

Nope. Not for surveillance purposes at least. But, generally, if they have access to the mic, they can also control it. I have scotch tape over my cam and also over my mic.

If true, this should be a major security scandal.  The operating system is supposed to control access to those devices, and the apps aren't supposed to be able to override that.  I'd have to think for this to be true Google and/or Apple would have to be working in coordination with FB. 

This is a good argument for open source software, so that things like this could be audited by privacy advocates.

You're absolutely correct, the microphone should be able to be disabled on the operating system. But a company with the resources of FB will be able to own the functionality of your computer once you've used at least 1-2 of basic Facebook functions that we would normally presume to be innocuous, i.e. the microphone.

Further, imagine attempting to prove, in court, that Facebook went into your computer and turned your mic on. There's almost no recourse for behavior like that, that's what makes it so scary.

Offline 327

  • Jeddah Tower 3,281'
  • *****
  • Posts: 6730
Re: Security and Privacy
« Reply #32 on: February 12, 2018, 03:27:15 PM »
Would setting the FB app mic or the Alexa mic to “off” negate this?

Nope. Not for surveillance purposes at least. But, generally, if they have access to the mic, they can also control it. I have scotch tape over my cam and also over my mic.
If true, this should be a major security scandal.

I feel the same way but I think we're in the minority on this.  The response I normally get from people is "whatever," especially younger people.  It's scary and I don't know what the answer is.  More and more people would sooner trust a machine, linked to a network of corporations, than their own neighbor. 

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #33 on: February 12, 2018, 03:36:34 PM »
^The response I always get when I give talks on this topic is... "If you're not doing anything wrong, what do you have to worry about?"

Offline 327

  • Jeddah Tower 3,281'
  • *****
  • Posts: 6730
Re: Security and Privacy
« Reply #34 on: February 12, 2018, 03:45:42 PM »
^The response I always get when I give talks on this topic is... "If you're not doing anything wrong, what do you have to worry about?"

What's your reply?

Offline GCrites80s

  • Jeddah Tower 3,281'
  • *****
  • Posts: 8160
  • 1492 or 4,192?
Re: Security and Privacy
« Reply #35 on: February 12, 2018, 03:48:41 PM »
Facebook turns your mic on, listens to you and uses keywords in your conversation to match you with the ads or 'suggested post.' The other day my brother was talking to me about customizing his motorcycle. We had maybe a 3 minute conversation about motorcycles. The next day on Facecbook, I got a bunch of motorcycle ads. I've never in my life Googled motorcycles or have had anything to do with motorcycles but I had a ads for motorcycle parts, popping up.



What I've noticed that goes on with Facebook is that if you share a wi-fi network with someone that they will link that person to you. That's why a few years ago I creepily got "people you may knows" from my co-workers and even people from the mall management office. I was not connected in any way to these people in my friends list. Not friends of friends or friends of friends of friends. That then got transferred to Instagram years later... the person from the mall management office doesn't even work for the mall company any more but is still in my recommended list. It also transfers their ads to you. So if your brother had been looking at bike parts on the web, now you are into bikes too, maybe. For example, at home I now get ads for things other people were looking at on work computers.

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #36 on: February 12, 2018, 04:02:02 PM »
^The response I always get when I give talks on this topic is... "If you're not doing anything wrong, what do you have to worry about?"

What's your reply?

"If it's not going to be disseminated, would you mind if your gym put cameras in the shower? There is a chance, though slim, that a violent crime would be committed there."

Online X

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 9697
    • Western Reserve Meadery
Re: Security and Privacy
« Reply #37 on: February 12, 2018, 11:35:18 PM »
Would setting the FB app mic or the Alexa mic to “off” negate this?

Nope. Not for surveillance purposes at least. But, generally, if they have access to the mic, they can also control it. I have scotch tape over my cam and also over my mic.

If true, this should be a major security scandal.  The operating system is supposed to control access to those devices, and the apps aren't supposed to be able to override that.  I'd have to think for this to be true Google and/or Apple would have to be working in coordination with FB. 

This is a good argument for open source software, so that things like this could be audited by privacy advocates.

You're absolutely correct, the microphone should be able to be disabled on the operating system. But a company with the resources of FB will be able to own the functionality of your computer once you've used at least 1-2 of basic Facebook functions that we would normally presume to be innocuous, i.e. the microphone.

Further, imagine attempting to prove, in court, that Facebook went into your computer and turned your mic on. There's almost no recourse for behavior like that, that's what makes it so scary.

Can the court subpoena code?  If so, then they should be able to have an expert examine the code and tell if it is capable of turning on the mic on it's own.  I'm not really sure if that's breaking any law, though.

Online jmecklenborg

  • Jeddah Tower 3,281'
  • *****
  • Posts: 13828
Re: Security and Privacy
« Reply #38 on: February 12, 2018, 11:57:42 PM »
This isn't really a fair characterization of the benefits of having mobile/smartphones, though. Getting real-time transit info, for example, allows you to plan much more dynamically than waiting for a bus that is late or had its run canceled. No amount of non-sloppy planning would fix that, and it's not an infrequent occurrence for many who rely on transit daily. That's just one example of many tangible benefits.

I just look at the schedule (or know the schedule) and stand there until the bus shows up.  Looking at your phone doesn't make it get there any sooner. 

As someone who delivered food before and after cell phones, I can testify that cell phones DID NOT make the task any smoother.  Whatever problems it solved were replaced with many others.  For example, an incredible number of people immediately turn off their phones after ordering food. 

Hey, I just ordered a pizza -- I'd better turn my phone OFF. 

Driving for uber?  Same problem.  People requested a car, you show up, they turned their phone OFF.  Then they get in the car, insist that they switch your music to Taylor Swift, then manage TO LEAVE THE PHONE IN YOUR CAR.  So they couldn't be separated from the stupid thing for 20 minutes, then they leave it in the back seat.  Then, when you drive it back to them, their little rich ass blames it on you. 



Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #39 on: February 13, 2018, 07:11:04 AM »
You're absolutely correct, the microphone should be able to be disabled on the operating system. But a company with the resources of FB will be able to own the functionality of your computer once you've used at least 1-2 of basic Facebook functions that we would normally presume to be innocuous, i.e. the microphone.

Further, imagine attempting to prove, in court, that Facebook went into your computer and turned your mic on. There's almost no recourse for behavior like that, that's what makes it so scary.

Can the court subpoena code?  If so, then they should be able to have an expert examine the code and tell if it is capable of turning on the mic on it's own.  I'm not really sure if that's breaking any law, though.
[/quote]

Yeah the code can be subpoena’d, certainly. Though that subpoena will be a major basis for appeal and tie up litigation for years.

Additionally, the code will show that Facebook had the capability, not that they actually did it. Without that specific action, there’s no damages. Without damages, very few attorneys outside of the ACLU etc will be interested in taking the case. The most radical thing to come out of a case like that would be an injunction, imo

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #40 on: February 13, 2018, 09:31:41 AM »
Further, most digital natives grew up with a sense that their privacy was compromised - via Facebook posts, etc. My generation was just on the cusp of being able to remember an existence off the grid.

I'd argue that in America right now, one does not have the right to be forgotten or left alone. Not if you want any semblance of a normal life at least.

Offline Robuu

  • Premium Member
  • Metropolitan Tower 224'
  • ***
  • Posts: 98
Re: Security and Privacy
« Reply #41 on: February 13, 2018, 10:12:07 AM »
This isn't really a fair characterization of the benefits of having mobile/smartphones, though. Getting real-time transit info, for example, allows you to plan much more dynamically than waiting for a bus that is late or had its run canceled. No amount of non-sloppy planning would fix that, and it's not an infrequent occurrence for many who rely on transit daily. That's just one example of many tangible benefits.

I just look at the schedule (or know the schedule) and stand there until the bus shows up.  Looking at your phone doesn't make it get there any sooner. 

Notice the bolded part. The schedule won't tell you if a bus is running late or its run was canceled. Especially in the case that a run is canceled and the headways are long, it's a significant quality of life improvement to not be sitting at a bus stop twiddling your thumbs for 30+ extra minutes.

Offline GCrites80s

  • Jeddah Tower 3,281'
  • *****
  • Posts: 8160
  • 1492 or 4,192?
Re: Security and Privacy
« Reply #42 on: February 13, 2018, 10:19:48 AM »
Further, most digital natives grew up with a sense that their privacy was compromised - via Facebook posts, etc. My generation was just on the cusp of being able to remember an existence off the grid.

I'd argue that in America right now, one does not have the right to be forgotten or left alone. Not if you want any semblance of a normal life at least.

All you used to have to do was leave town.

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #43 on: February 13, 2018, 10:44:13 AM »
^Right, now you almost certainly have to use a credit card to get there.

Offline taestell

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 6790
Re: Security and Privacy
« Reply #44 on: February 13, 2018, 12:09:36 PM »
If you guys are truly concerned about apps and websites turning on your webcams and microphones, I hope you are using operating systems and hardware that prevent applications from doing so.

For example, on iOS, the permissions are very granular. You can go into your settings and verify which apps have permission to access your camera, microphone, photos, location, etc. When the apps are using those things, an icon is shown on the phone to indicate that. If you have not granted that permission, it is simply not possible for an application to bypass that. A lot of apps also request to know your location at all times, and I change the vast majority down to the lower "use my location only when I'm using the app" setting.

Similarly, on the last generation of MacBook Pro and iMac hardware, the webcam is controlled via a different internal chipset. Therefore it is impossible for any app to use the webcam without turning on the green LED right next to the webcam. Although it does not have an type of indicator light that comes on when the microphone is in use.

Online jmecklenborg

  • Jeddah Tower 3,281'
  • *****
  • Posts: 13828
Re: Security and Privacy
« Reply #45 on: February 13, 2018, 12:15:34 PM »
Notice the bolded part. The schedule won't tell you if a bus is running late or its run was canceled. Especially in the case that a run is canceled and the headways are long, it's a significant quality of life improvement to not be sitting at a bus stop twiddling your thumbs for 30+ extra minutes.

Phone people are either screwing around with their phone indoors or outdoors.  If it's raining, you need an umbrella anyway for when you walk from the bus to wherever you're going. 

When I was a kid (again, no phones, no internet) one day the school bus didn't show up and we all stood around joking for about 15 minutes wondering if we actually had to go to school. Then a yellow mini bus showed up with an unknown driver and we all had to crowd on that thing, which was pretty funny.  Unfortunately we still ended up getting to school on time.  So FFWD 25 years...with the miracle of cell phones, we could have known the mini bus was coming and gone back to our houses to play with our phones for 10 minutes instead of playing with our phones for 10 minutes at the bus stop.  We could have snapchatted a photo of the mini bus.  Awesome.  Rad.  LIKES!


Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #46 on: February 13, 2018, 01:40:23 PM »
If you guys are truly concerned about apps and websites turning on your webcams and microphones, I hope you are using operating systems and hardware that prevent applications from doing so.

For example, on iOS, the permissions are very granular. You can go into your settings and verify which apps have permission to access your camera, microphone, photos, location, etc. When the apps are using those things, an icon is shown on the phone to indicate that. If you have not granted that permission, it is simply not possible for an application to bypass that. A lot of apps also request to know your location at all times, and I change the vast majority down to the lower "use my location only when I'm using the app" setting.

Similarly, on the last generation of MacBook Pro and iMac hardware, the webcam is controlled via a different internal chipset. Therefore it is impossible for any app to use the webcam without turning on the green LED right next to the webcam. Although it does not have an type of indicator light that comes on when the microphone is in use.

From a few of my sources on the "other side", I'm not convinced of the effectiveness of these OS's

Offline Robuu

  • Premium Member
  • Metropolitan Tower 224'
  • ***
  • Posts: 98
Re: Security and Privacy
« Reply #47 on: February 13, 2018, 04:00:45 PM »
Stock Android (AOSP) is open source.

Offline taestell

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 6790
Re: Security and Privacy
« Reply #48 on: February 13, 2018, 04:57:08 PM »
From a few of my sources on the "other side", I'm not convinced of the effectiveness of these OS's

What are you implying? That if I go into my iOS settings and deny an app the ability to use my microphone, the app is figuring out some way to get around that restriction? If so, that would be a huge security vulnerability, and given how much people like to s**t on Apple any time they make a mistake, it would be front page news. I follow a lot of people in the information security field and have never heard anyone make an accusation like this.

Online X

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 9697
    • Western Reserve Meadery
Re: Security and Privacy
« Reply #49 on: February 13, 2018, 05:16:20 PM »
Stock Android (AOSP) is open source.

Does any phone manufacture release an AOSP only phone? I would guess that even the Nexus ships with proprietary Google code.

IOS and MacOS also have open source components.

KDE is trying to create a fully open source phone/tablet OS, but it's a ways off, if it ever works.

Offline YABO713

  • Burj Khalifa 2,722'
  • *****
  • Posts: 1814
Re: Security and Privacy
« Reply #50 on: February 13, 2018, 05:17:50 PM »
From a few of my sources on the "other side", I'm not convinced of the effectiveness of these OS's

What are you implying? That if I go into my iOS settings and deny an app the ability to use my microphone, the app is figuring out some way to get around that restriction? If so, that would be a huge security vulnerability, and given how much people like to s**t on Apple any time they make a mistake, it would be front page news. I follow a lot of people in the information security field and have never heard anyone make an accusation like this.

No. I'm implying that such a feature can be rendered useless if someone else has access to and thereby control over your phone.

Phones are being hacked more rapidly than computers right now. And once the harmful malware is there, that hacker owns that phone.

Online X

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 9697
    • Western Reserve Meadery
Re: Security and Privacy
« Reply #51 on: February 13, 2018, 05:30:06 PM »
Are you saying that major tech companies like Facebook or Amazon are creating malware?  Or that someone else is creating malware, which is then exploited by FB or Amazon?

Offline taestell

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 6790
Re: Security and Privacy
« Reply #52 on: February 13, 2018, 05:37:06 PM »
Someone else having physical access to the device is a whole different matter. To my prior point, this is why Apple is starting to add an additional layer of security where the computer will not even boot unless the operating system has been cryptographically signed by Apple. This feature has only debuted in the new iMac Pro that just came out in December, but will roll out to their other machines as new hardware comes out (since it requires a second chipset on the machine). This means that even if someone has physical access to your machine and has installed a hacked version of the OS that bugs your mic, the security chipset won't even allow the machine to boot.

Online jmecklenborg

  • Jeddah Tower 3,281'
  • *****
  • Posts: 13828
Re: Security and Privacy
« Reply #53 on: February 13, 2018, 05:49:46 PM »
Someone else having physical access to the device is a whole different matter. To my prior point, this is why Apple is starting to add an additional layer of security where the computer will not even boot unless the operating system has been cryptographically signed by Apple. This feature has only debuted in the new iMac Pro that just came out in December, but will roll out to their other machines as new hardware comes out (since it requires a second chipset on the machine). This means that even if someone has physical access to your machine and has installed a hacked version of the OS that bugs your mic, the security chipset won't even allow the machine to boot.

What about that new $350 speaker that Apple is selling?  It has a mic on it. 

Offline 327

  • Jeddah Tower 3,281'
  • *****
  • Posts: 6730
Re: Security and Privacy
« Reply #54 on: February 13, 2018, 06:25:20 PM »
Someone else having physical access to the device is a whole different matter. To my prior point, this is why Apple is starting to add an additional layer of security where the computer will not even boot unless the operating system has been cryptographically signed by Apple. This feature has only debuted in the new iMac Pro that just came out in December, but will roll out to their other machines as new hardware comes out (since it requires a second chipset on the machine). This means that even if someone has physical access to your machine and has installed a hacked version of the OS that bugs your mic, the security chipset won't even allow the machine to boot.

I know a guy who (says he) can hack most phones from sufficient distance that you wouldn't think twice about him.  He would need to be relatively close though, like across the street.  If his methods are no good anymore, that's wonderful.  But I doubt security systems will even get too far ahead of hackers.  Security will never quite win the war because the hacker army is thousands of times bigger than theirs.  And because nefarious intent seems to breed a certain amount of creativity.

Offline taestell

  • Global Moderator
  • Jeddah Tower 3,281'
  • *****
  • Posts: 6790
Re: Security and Privacy
« Reply #55 on: February 15, 2018, 02:30:32 PM »
What about that new $350 speaker that Apple is selling?  It has a mic on it. 

Six microphones, actually.