mikegerwitz
/
sapsf
1
0
Fork 0
Code Releases Activity

Mobile section nearly ready 

Just needs to be augmented with additional information (slides).

* slides.org (Mobile): All slides ready.  Needs more.
* images/tp/remote-list: Add images for Mobile.
* images/tp/SHA256SUM: Update with hashes of new images.
master
Mike Gerwitz 2017-03-19 22:06:57 -04:00
parent bbc74fbd55
commit 4a30b85b20
4 changed files with 142 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
images/tp/SHA256SUM
View File

@ -1,3 +1,7 @@
48b3e8553c7c51573eb773a4ef4feeb2221ba33112d207b676e0de7e08665bd3 cell-tower.jpg
e45b7dcf52382c2ccb8d0fd2c8b10491e37733f4cfbf611444ca7087aa01e727 stingray.jpg
97b9850d7087ff14c93f5e01b3f4b248b030c85d4790d334eb58ce6384ab3d5e gps.jpg
ca51e8ba23a87140b1f2cf573d4761df888d7f939947823c695004ce5d3f31f7 replicant.png
8df6f6442bfb895e2d4d5d599d2d9a477405f590587f2a473c3e59a46d06b325 alpr-mounted.png
4b0050a377af1fcd72f14863408eef44d40e7ba6fe31e2121ec7c3a51781a752 alpr-capture.png
31597ba3731e6eccf2e68ae8b91ad25b2e6e4685814e723333d9ea1d2579b635 alpr-pips.png

4
images/tp/remote-list
View File

@ -1,3 +1,7 @@
cell-tower.jpg https://web.archive.org/web/20170319180434/https://upload.wikimedia.org/wikipedia/commons/thumb/2/2a/T-Mobile_cell_site.jpg/251px-T-Mobile_cell_site.jpg
stingray.jpg https://web.archive.org/web/20170319180653/https://upload.wikimedia.org/wikipedia/en/c/c5/Stingray_Harris_handle_side.jpg
gps.jpg https://web.archive.org/web/20170319181816/https://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/GPS_Satellite_NASA_art-iif.jpg/300px-GPS_Satellite_NASA_art-iif.jpg
replicant.png https://web.archive.org/web/20170320015032/http://www.replicant.us/images/replicant.png
alpr-mounted.png https://web.archive.org/web/20170318173251/https://www.eff.org/files/2015/10/20/paxton_and_spencer_.png
alpr-capture.png https://web.archive.org/web/20170318173346/https://www.eff.org/files/2015/10/20/paxton_captures.png
alpr-pips.png https://web.archive.org/web/20170318173427/https://www.eff.org/files/2015/10/15/pipscam9_redacted.png

33
sapsf.bib
View File

@ -1025,3 +1025,36 @@
url = {http://www.trustev.com/technology},
urldate = {2017-03-19},
}
@online{w:file:cell-tower,
author = {Appel, Thomas},
title = {File:T-mobile cell site},
organization = {Wikipedia},
date = {2015-09-23},
url = {https://en.wikipedia.org/wiki/File:T-Mobile_cell_site.jpg},
urldate = {2017-03-19},
}
@online{w:file:stingray,
title = {File:Stingray Harris handle side.jpg},
date = {2013-04},
organization = {Harris Corporation},
url = {https://en.wikipedia.org/wiki/File:Stingray_Harris_handle_side.jpg},
urldate = {2017-03-19},
}
@online{w:file:gps,
title = {File:GPS Satellite NASA art-iif.jpg},
date = {2006-02-09},
organization = {NASA},
url = {https://en.wikipedia.org/wiki/File:GPS_Satellite_NASA_art-iif.jpg},
urldate = {2017-03-19},
}
@online{wsj:app-loc,
title = {What They Know - Mobile - WSJ},
organization = {The Wall Street Journal},
url = {http://blogs.wsj.com/wtk-mobile/},
urldate = {2017-03-19},
annotation = {Popular apps that transmit location information in~2010},
}

147
slides.org
View File

@ -65,7 +65,7 @@ invasive topic-wise.
* LACKING Slides :export:ignore:
** REVIEWED Introduction / Opening :B_fullframe:
** READY Introduction / Opening :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
@ -109,17 +109,18 @@ often used and dismissed as tinfoil-hat FUD.)
#+END_COMMENT
#+BEGIN_CENTER
#+BEAMER: \only<1>{You're Being Tracked.}
#+BEAMER: \only<2>{(No, really, I have references.)}
#+BEAMER: \only<1->{\Huge You're Being Tracked.}
#+BEAMER: \only<2>{\large(No, really, I have references.)}
#+END_CENTER
** REVIEWED Mobile [0/5]
*** REVIEWED Introduction :B_ignoreheading:
** AUGMENT Mobile [5/5]
*** READY Introduction :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** REVIEWED Introduction :B_fullframe:
**** READY Introduction :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:15
:BEAMER_env: fullframe
@ -140,17 +141,33 @@ A phone is often synonymous with an individual;
In other words: they're excellent tracking devices.
#+END_COMMENT
*** REVIEWED Cell Towers [0/2]
*** READY Cell Towers [2/2]
:PROPERTIES:
:DURATION: 0:02
:END:
**** REVIEWED Fundamentally Needed
**** READY Fundamentally Needed
:PROPERTIES:
:DURATION: 00:00:45
:END:
***** Summary
:PROPERTIES:
:BEAMER_col: 0.75
:END:
- Phone needs tower to make and receive calls
- Gives away approximate location\cite{pbs:nova:boston}
***** Tower Image
:PROPERTIES:
:BEAMER_col: 0.25
:END:
#+BEGIN_CENTER
[[./images/tp/cell-tower.jpg]]
\incite{w:file:cell-tower}
#+END_CENTER
#+BEGIN_COMMENT
The primary reason is inherent in a phone's design:
cell towers.
@ -173,16 +190,33 @@ You can imagine that such would be a very useful and important feature for
#+END_COMMENT
**** REVIEWED Cell-Site Simulators
**** READY Cell-Site Simulators
:PROPERTIES:
:DURATION: 00:00:45
:END:
***** Summary
:PROPERTIES:
:BEAMER_col: 0.65
:END:
- <1-> IMSI-Catchers
- <1-> Masquerade as cell towers
- <1-> Most popular: Stingray
- <2-> Free/libre Android program AIMSICD available on F-Droid attempts to
detect\cite{aimsid}
***** Stingray Image
:PROPERTIES:
:BEAMER_col: 0.35
:END:
#+BEGIN_CENTER
[[./images/tp/stingray.jpg]]
\incite{w:file:stingray}
#+END_CENTER
#+BEGIN_COMMENT
Cell Site Simulators have made a lot of news in the past (including my local
news),
@ -207,22 +241,22 @@ It is free software and is available on F-Droid.
#+END_COMMENT
*** REVIEWED Wifi [0/3]
*** READY Wifi [1/1]
:PROPERTIES:
:DURATION: 0:01
:END:
**** REVIEWED ESSID and MAC Broadcast
**** READY ESSID and MAC Broadcast
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Device may broadcast ESSIDs of past hidden networks
- <2-> Expose unique hardware identifiers (MAC address)
- <3-> **Defending against this is difficult**
- <4-> /Turn off Wifi/ in untrusted places
- <4-> Turn off settings to auto-connect when receiving e.g. MMS
- <5-> Use cellular data (e.g. {2,3,4}G)
- <6-> **MAC address randomization works poorly**\cite{arxiv:mac}
- <1-> Expose unique hardware identifiers (MAC address)
- <2-> **Defending against this is difficult**
- <3-> /Turn off Wifi/ in untrusted places
- <3-> Turn off settings to auto-connect when receiving e.g. MMS
- <4-> Use cellular data (e.g. {2,3,4}G)
- <5-> **MAC address randomization works poorly**\cite{arxiv:mac}
#+BEGIN_COMMENT
What else is inherent in a modern phone design?
@ -262,24 +296,26 @@ And of course, we do.
#+END_COMMENT
*** REVIEWED Geolocation [0/3]
*** READY Geolocation [3/3]
:PROPERTIES:
:DURATION: 0:02
:END:
**** REVIEWED GPS
**** READY Global Positioning System (GPS)
:PROPERTIES:
:DURATION: 00:01
:DURATION: 00:00:30
:END:
#+BEGIN_CENTER
#+ATTR_LATEX: :height 1in
[[./images/tp/gps.jpg]]\incite{w:file:gps}
#+END_CENTER
- <1-> Not inherently a surveillance tool
- <2-> Often enabled by default
- <2-> Might prompt user, but features are attractive
- <3-> Programs give excuses to track\cite{jots:mobile}
- <3-> Navigation systems
- <3-> Location information for social media, photos, nearby friends, finding
- <2-> Often enabled, and programs abuse it\cite{jots:mobile}
- <2-> Legitimate: navigation, social media, photos, nearby friends, finding
lost phones, location-relative searches, etc.
- <4-> Not-so-good: targeted advertising and building users profiles
- <4-> If phone is compromised, location is known
- <3-> If phone is compromised, location is known
#+BEGIN_COMMENT
Let's talk about geolocation!
@ -287,8 +323,8 @@ Many people find them to be very convenient.
The most popular being GPS.
GPS isn't inherently a surveillance tool;
it can't track you on its own.
Your GPS device triangulates its location based on signals
it can't track you on its own.
Your GPS device calculates its location based on signals
broadcast by GPS satellites in line-of-site.
Because of the cool features it permits,
@ -305,19 +341,23 @@ Navigation systems,
all of these things are legitimate.
You just need to be able to trust the software that you are running,
Often times, you can't.
Without source code,
it's sometimes hard to say if a program is doing other things.
Like using it for targeted advertising,
and/or building a user profile (which we'll talk about later).
Even if you can,
if your device is owned,
they can just enable GPS and your location is known.
#+END_COMMENT
**** REVIEWED But I Want GPS!
**** READY But I Want GPS!
:PROPERTIES:
:DURATION: 00:00:30
:DURATION: 00:00:40
:END:
- <1-> Is the program transparent in what data it sends? (Is the source code
available?)\cite{jots:mobile}
- <1-> Does the program let you disable those features?
- <1-> 2010: 47 of top 100 Android and iOS apps sent location to devs and
third parties\cite{wsj:app-loc}
- <1-> Ex: /Angry Birds/ sent address book, location, and device ID to
third party\cite{networks-of-control}
- <1-> Does the program let you disable those [anti-]features?
- <2-> Pre-download location-sensitive data (e.g. street maps)
- <2-> OsmAnd (free software, Android and iOS)\cite{osmand}
@ -325,6 +365,14 @@ Like using it for targeted advertising,
So you may legitimately want GPS enabled.
It's terrible that you should be concerned about it.
Are the programs you're using transparent in what they're sending?
A precondition to that answer is source code;
it's otherwise hard to say if a program is doing other things.
A study by the Wall Street Journal found that 47 of the 100 Android and iOS
apps in 2010 shared your location with not only the developers,
but also with third parties.
You need to know what data you're leaking so that you can decide whether
or not you want to do so.
And you need the option to disable it.
@ -337,9 +385,9 @@ Some apps let you use pre-downloaded maps,
#+END_COMMENT
**** REVIEWED Location Services
**** READY Location Services
:PROPERTIES:
:DURATION: 00:00:45
:DURATION: 00:00:30
:END:
- <1-> No GPS? No problem!
@ -349,7 +397,7 @@ Some apps let you use pre-downloaded maps,
nearby cell towers\cite{w:wps}
- <2-> Signal strength and SSIDs and MACs of Access Points
\cite{w:trilateration,acm:spotfi,acm:lteye}
- <3-> Gathered by Google Street View cars
- <3-> Some gathered by Google Street View cars
- <3-> Your device may report back nearby networks to build a more
comprehensive database
- <4-> Works even where GPS and Cell signals cannot penetrate
@ -365,7 +413,7 @@ There are numerous services available to geolocate based on nearby access
Based on the signal strength of nearby WiFi networks,
your position can be more accurately trangulated.
These data are gathered by Google Street View cars.
Some of these data are gathered by Google Street View cars.
Your phone might also be reporting back nearby networks in order to improve
the quality of these databases.
@ -376,14 +424,14 @@ And it works where GPS and maybe even cell service don't, such as inside
So just because GPS is off does not mean your location is unknown.
#+END_COMMENT
*** REVIEWED Operating System [0/3]
*** READY Operating System [3/3]
:PROPERTIES:
:DURATION: 0:02
:END:
**** REVIEWED Untrusted/Proprietary OS
**** READY Untrusted/Proprietary OS
:PROPERTIES:
:DURATION: 00:00:45
:DURATION: 00:00:40
:END:
- <1-> Who does your phone work for?
@ -413,7 +461,7 @@ In November of last year it was discovered that these popular phones
That software could also remotely execute code on the device.
#+END_COMMENT
**** REVIEWED Free/Libre Mobile OS?
**** READY Free/Libre Mobile OS?
:PROPERTIES:
:DURATION: 00:00:30
:END:
@ -421,7 +469,14 @@ That software could also remotely execute code on the device.
- <1-> But every phone requires proprietary drivers, or contains
proprietary software
- <2-> Replicant\cite{replicant}
- <3> Niche. Interest is low, largely work of one developer now.
- <2> Niche. Largely work of one developer now. (Help if you can!)
#+BEAMER: \uncover<2>{
#+BEGIN_CENTER
#+ATTR_LATEX: :width: 7in
[[./images/tp/replicant.png]]
#+END_CENTER
#+BEAMER: }
#+BEGIN_COMMENT
Android is supposedly a free operating system.
@ -439,7 +494,7 @@ I feel like I can at least trust my phone a little bit,
#+END_COMMENT
**** REVIEWED Modem Isolation
**** READY Modem Isolation
:PROPERTIES:
:DURATION: 00:00:30
:END: