diff --git a/images/tp/SHA256SUM b/images/tp/SHA256SUM index c8e2519..c1d2892 100644 --- a/images/tp/SHA256SUM +++ b/images/tp/SHA256SUM @@ -1,3 +1,7 @@ +48b3e8553c7c51573eb773a4ef4feeb2221ba33112d207b676e0de7e08665bd3 cell-tower.jpg +e45b7dcf52382c2ccb8d0fd2c8b10491e37733f4cfbf611444ca7087aa01e727 stingray.jpg +97b9850d7087ff14c93f5e01b3f4b248b030c85d4790d334eb58ce6384ab3d5e gps.jpg +ca51e8ba23a87140b1f2cf573d4761df888d7f939947823c695004ce5d3f31f7 replicant.png 8df6f6442bfb895e2d4d5d599d2d9a477405f590587f2a473c3e59a46d06b325 alpr-mounted.png 4b0050a377af1fcd72f14863408eef44d40e7ba6fe31e2121ec7c3a51781a752 alpr-capture.png 31597ba3731e6eccf2e68ae8b91ad25b2e6e4685814e723333d9ea1d2579b635 alpr-pips.png diff --git a/images/tp/remote-list b/images/tp/remote-list index 6d4f264..abf561a 100644 --- a/images/tp/remote-list +++ b/images/tp/remote-list @@ -1,3 +1,7 @@ +cell-tower.jpg https://web.archive.org/web/20170319180434/https://upload.wikimedia.org/wikipedia/commons/thumb/2/2a/T-Mobile_cell_site.jpg/251px-T-Mobile_cell_site.jpg +stingray.jpg https://web.archive.org/web/20170319180653/https://upload.wikimedia.org/wikipedia/en/c/c5/Stingray_Harris_handle_side.jpg +gps.jpg https://web.archive.org/web/20170319181816/https://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/GPS_Satellite_NASA_art-iif.jpg/300px-GPS_Satellite_NASA_art-iif.jpg +replicant.png https://web.archive.org/web/20170320015032/http://www.replicant.us/images/replicant.png alpr-mounted.png https://web.archive.org/web/20170318173251/https://www.eff.org/files/2015/10/20/paxton_and_spencer_.png alpr-capture.png https://web.archive.org/web/20170318173346/https://www.eff.org/files/2015/10/20/paxton_captures.png alpr-pips.png https://web.archive.org/web/20170318173427/https://www.eff.org/files/2015/10/15/pipscam9_redacted.png diff --git a/sapsf.bib b/sapsf.bib index 7f4e2d3..2448d63 100644 --- a/sapsf.bib +++ b/sapsf.bib 
@@ -1025,3 +1025,36 @@ url = {http://www.trustev.com/technology}, urldate = {2017-03-19}, } + +@online{w:file:cell-tower, + author = {Appel, Thomas}, + title = {File:T-mobile cell site}, + organization = {Wikipedia}, + date = {2015-09-23}, + url = {https://en.wikipedia.org/wiki/File:T-Mobile_cell_site.jpg}, + urldate = {2017-03-19}, +} + +@online{w:file:stingray, + title = {File:Stingray Harris handle side.jpg}, + date = {2013-04}, + organization = {Harris Corporation}, + url = {https://en.wikipedia.org/wiki/File:Stingray_Harris_handle_side.jpg}, + urldate = {2017-03-19}, +} + +@online{w:file:gps, + title = {File:GPS Satellite NASA art-iif.jpg}, + date = {2006-02-09}, + organization = {NASA}, + url = {https://en.wikipedia.org/wiki/File:GPS_Satellite_NASA_art-iif.jpg}, + urldate = {2017-03-19}, +} + +@online{wsj:app-loc, + title = {What They Know - Mobile - WSJ}, + organization = {The Wall Street Journal}, + url = {http://blogs.wsj.com/wtk-mobile/}, + urldate = {2017-03-19}, + annotation = {Popular apps that transmit location information in~2010}, +} diff --git a/slides.org b/slides.org index a54350e..658610b 100644 --- a/slides.org +++ b/slides.org @@ -65,7 +65,7 @@ invasive topic-wise. * LACKING Slides :export:ignore: -** REVIEWED Introduction / Opening :B_fullframe: +** READY Introduction / Opening :B_fullframe: :PROPERTIES: :DURATION: 00:01 :BEAMER_env: fullframe 
@@ -109,17 +109,18 @@ often used and dismissed as tinfoil-hat FUD.) #+END_COMMENT #+BEGIN_CENTER - #+BEAMER: \only<1>{You're Being Tracked.} - #+BEAMER: \only<2>{(No, really, I have references.)} + #+BEAMER: \only<1->{\Huge You're Being Tracked.} + + #+BEAMER: \only<2>{\large(No, really, I have references.)} #+END_CENTER -** REVIEWED Mobile [0/5] -*** REVIEWED Introduction :B_ignoreheading: +** AUGMENT Mobile [5/5] +*** READY Introduction :B_ignoreheading: :PROPERTIES: :BEAMER_env: ignoreheading :END: -**** REVIEWED Introduction :B_fullframe: +**** READY Introduction :B_fullframe: :PROPERTIES: :DURATION: 00:00:15 :BEAMER_env: fullframe @@ -140,17 +141,33 @@ A phone is often synonymous with an individual; In other words: they're excellent tracking devices. #+END_COMMENT -*** REVIEWED Cell Towers [0/2] +*** READY Cell Towers [2/2] :PROPERTIES: :DURATION: 0:02 :END: -**** REVIEWED Fundamentally Needed +**** READY Fundamentally Needed :PROPERTIES: :DURATION: 00:00:45 :END: + +***** Summary +:PROPERTIES: +:BEAMER_col: 0.75 +:END: - Phone needs tower to make and receive calls - Gives away approximate location\cite{pbs:nova:boston} +***** Tower Image +:PROPERTIES: +:BEAMER_col: 0.25 +:END: + +#+BEGIN_CENTER +[[./images/tp/cell-tower.jpg]] + +\incite{w:file:cell-tower} +#+END_CENTER + #+BEGIN_COMMENT The primary reason is inherent in a phone's design: cell towers. 
@@ -173,16 +190,33 @@ You can imagine that such would be a very useful and important feature for #+END_COMMENT -**** REVIEWED Cell-Site Simulators +**** READY Cell-Site Simulators :PROPERTIES: :DURATION: 00:00:45 :END: + +***** Summary +:PROPERTIES: +:BEAMER_col: 0.65 +:END: - <1-> IMSI-Catchers - <1-> Masquerade as cell towers - <1-> Most popular: Stingray - <2-> Free/libre Android program AIMSICD available on F-Droid attempts to detect\cite{aimsid} +***** Stingray Image +:PROPERTIES: +:BEAMER_col: 0.35 +:END: + +#+BEGIN_CENTER +[[./images/tp/stingray.jpg]] + +\incite{w:file:stingray} +#+END_CENTER + + #+BEGIN_COMMENT Cell Site Simulators have made a lot of news in the past (including my local news), @@ -207,22 +241,22 @@ It is free software and is available on F-Droid. #+END_COMMENT -*** REVIEWED Wifi [0/3] +*** READY Wifi [1/1] :PROPERTIES: :DURATION: 0:01 :END: -**** REVIEWED ESSID and MAC Broadcast +**** READY ESSID and MAC Broadcast :PROPERTIES: :DURATION: 00:01 :END: - <1-> Device may broadcast ESSIDs of past hidden networks -- <2-> Expose unique hardware identifiers (MAC address) -- <3-> **Defending against this is difficult** - - <4-> /Turn off Wifi/ in untrusted places - - <4-> Turn off settings to auto-connect when receiving e.g. MMS - - <5-> Use cellular data (e.g. {2,3,4}G) - - <6-> **MAC address randomization works poorly**\cite{arxiv:mac} +- <1-> Expose unique hardware identifiers (MAC address) +- <2-> **Defending against this is difficult** + - <3-> /Turn off Wifi/ in untrusted places + - <3-> Turn off settings to auto-connect when receiving e.g. MMS + - <4-> Use cellular data (e.g. {2,3,4}G) + - <5-> **MAC address randomization works poorly**\cite{arxiv:mac} #+BEGIN_COMMENT What else is inherent in a modern phone design? 
@@ -262,24 +296,26 @@ And of course, we do. #+END_COMMENT -*** REVIEWED Geolocation [0/3] +*** READY Geolocation [3/3] :PROPERTIES: :DURATION: 0:02 :END: -**** REVIEWED GPS +**** READY Global Positioning System (GPS) :PROPERTIES: -:DURATION: 00:01 +:DURATION: 00:00:30 :END: + +#+BEGIN_CENTER +#+ATTR_LATEX: :height 1in +[[./images/tp/gps.jpg]]\incite{w:file:gps} +#+END_CENTER + - <1-> Not inherently a surveillance tool -- <2-> Often enabled by default - - <2-> Might prompt user, but features are attractive -- <3-> Programs give excuses to track\cite{jots:mobile} - - <3-> Navigation systems - - <3-> Location information for social media, photos, nearby friends, finding +- <2-> Often enabled, and programs abuse it\cite{jots:mobile} + - <2-> Legitimate: navigation, social media, photos, nearby friends, finding lost phones, location-relative searches, etc. -- <4-> Not-so-good: targeted advertising and building users profiles -- <4-> If phone is compromised, location is known +- <3-> If phone is compromised, location is known #+BEGIN_COMMENT Let's talk about geolocation! @@ -287,8 +323,8 @@ Many people find them to be very convenient. The most popular being GPS. GPS isn't inherently a surveillance tool; -it can't track you on its own. -Your GPS device triangulates its location based on signals + it can't track you on its own. +Your GPS device calculates its location based on signals broadcast by GPS satellites in line-of-site. Because of the cool features it permits, 
@@ -305,19 +341,23 @@ Navigation systems, all of these things are legitimate. You just need to be able to trust the software that you are running, Often times, you can't. -Without source code, - it's sometimes hard to say if a program is doing other things. -Like using it for targeted advertising, - and/or building a user profile (which we'll talk about later). + +Even if you can, + if your device is owned, + they can just enable GPS and your location is known. #+END_COMMENT -**** REVIEWED But I Want GPS! +**** READY But I Want GPS! :PROPERTIES: -:DURATION: 00:00:30 +:DURATION: 00:00:40 :END: - <1-> Is the program transparent in what data it sends? (Is the source code available?)\cite{jots:mobile} -- <1-> Does the program let you disable those features? + - <1-> 2010: 47 of top 100 Android and iOS apps sent location to devs and + third parties\cite{wsj:app-loc} + - <1-> Ex: /Angry Birds/ sent address book, location, and device ID to + third party\cite{networks-of-control} +- <1-> Does the program let you disable those [anti-]features? - <2-> Pre-download location-sensitive data (e.g. street maps) - <2-> OsmAnd (free software, Android and iOS)\cite{osmand} @@ -325,6 +365,14 @@ Like using it for targeted advertising, So you may legitimately want GPS enabled. It's terrible that you should be concerned about it. +Are the programs you're using transparent in what they're sending? +A precondition to that answer is source code; + it's otherwise hard to say if a program is doing other things. + +A study by the Wall Street Journal found that 47 of the 100 Android and iOS + apps in 2010 shared your location with not only the developers, + but also with third parties. + You need to know what data you're leaking so that you can decide whether or not you want to do so. And you need the option to disable it. 
@@ -337,9 +385,9 @@ Some apps let you use pre-downloaded maps, #+END_COMMENT -**** REVIEWED Location Services +**** READY Location Services :PROPERTIES: -:DURATION: 00:00:45 +:DURATION: 00:00:30 :END: - <1-> No GPS? No problem! @@ -349,7 +397,7 @@ Some apps let you use pre-downloaded maps, nearby cell towers\cite{w:wps} - <2-> Signal strength and SSIDs and MACs of Access Points \cite{w:trilateration,acm:spotfi,acm:lteye} -- <3-> Gathered by Google Street View cars +- <3-> Some gathered by Google Street View cars - <3-> Your device may report back nearby networks to build a more comprehensive database - <4-> Works even where GPS and Cell signals cannot penetrate @@ -365,7 +413,7 @@ There are numerous services available to geolocate based on nearby access Based on the signal strength of nearby WiFi networks, your position can be more accurately trangulated. -These data are gathered by Google Street View cars. +Some of these data are gathered by Google Street View cars. Your phone might also be reporting back nearby networks in order to improve the quality of these databases. @@ -376,14 +424,14 @@ And it works where GPS and maybe even cell service don't, such as inside So just because GPS is off does not mean your location is unknown. #+END_COMMENT -*** REVIEWED Operating System [0/3] +*** READY Operating System [3/3] :PROPERTIES: :DURATION: 0:02 :END: -**** REVIEWED Untrusted/Proprietary OS +**** READY Untrusted/Proprietary OS :PROPERTIES: -:DURATION: 00:00:45 +:DURATION: 00:00:40 :END: - <1-> Who does your phone work for? @@ -413,7 +461,7 @@ In November of last year it was discovered that these popular phones That software could also remotely execute code on the device. #+END_COMMENT -**** REVIEWED Free/Libre Mobile OS? +**** READY Free/Libre Mobile OS? :PROPERTIES: :DURATION: 00:00:30 :END: 
@@ -421,7 +469,14 @@ That software could also remotely execute code on the device. - <1-> But every phone requires proprietary drivers, or contains proprietary software - <2-> Replicant\cite{replicant} - - <3> Niche. Interest is low, largely work of one developer now. + - <2> Niche. Largely work of one developer now. (Help if you can!) + +#+BEAMER: \uncover<2>{ +#+BEGIN_CENTER +#+ATTR_LATEX: :width: 7in +[[./images/tp/replicant.png]] +#+END_CENTER +#+BEAMER: } #+BEGIN_COMMENT Android is supposedly a free operating system. @@ -439,7 +494,7 @@ I feel like I can at least trust my phone a little bit, #+END_COMMENT -**** REVIEWED Modem Isolation +**** READY Modem Isolation :PROPERTIES: :DURATION: 00:00:30 :END:
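Review bot: In the sapsf.bib hunk (@@ -1025,3 +1025,36 @@), the three image entries do not follow one convention. `w:file:cell-tower` sets `organization = {Wikipedia}` and titles the file `File:T-mobile cell site`, while `w:file:stingray` and `w:file:gps` use `organization` for the image's originator (Harris Corporation, NASA) and give the full file name including `.jpg`. The URL on the cell-tower entry spells it `File:T-Mobile_cell_site.jpg`, so the title should match that. `wsj:app-loc` has no `date` field even though its annotation places the data in 2010; adding one would keep the rendered citation consistent with the slide text.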
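Review bot: In the opening-slide hunk of slides.org (@@ -109,17 +109,18 @@), the second line is still wrapped in `\only<2>{...}`, so it takes no space on overlay 1 and the centered block changes height when it appears, which shifts the `\Huge` title between overlays. The Replicant hunk later in this patch uses `\uncover<2>{` for the same purpose; using `\uncover<2>` (or `\visible<2>`) here would reserve the space and keep the title still.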
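Review bot: In the GPS slide hunk (@@ -262,24 +296,26 @@), the new bullet reads "Often enabled, and programs abuse it" but its only sub-bullet is the "Legitimate:" list, and the removed "Not-so-good: targeted advertising and building users profiles" bullet was the one that named the abuse. Either keep a short abuse sub-bullet or reword the parent so it does not promise something the slide no longer shows. While this comment block is being edited ("triangulates" to "calculates"), the unchanged line "broadcast by GPS satellites in line-of-site." should read "line-of-sight".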
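Review bot: In the "But I Want GPS!" hunk (@@ -325,6 +365,14 @@ and the bullets added just before it), the speaker notes say "47 of the 100 Android and iOS apps in 2010" where the slide says "47 of top 100"; the notes should say "top 100" (the bib annotation says "Popular apps") so the spoken claim matches the cited one. The /Angry Birds/ bullet has no matching speaker note, and its key `\cite{networks-of-control}` is not among the entries this patch adds to sapsf.bib, so confirm that key already exists there.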
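Review bot: In the Location Services speaker-notes hunk (@@ -365,7 +413,7 @@), the unchanged line directly above the edited sentence still says "your position can be more accurately trangulated." The GPS hunk in this same patch replaces "triangulates" with "calculates", and the slide cites `w:trilateration`, so this line should get the same treatment rather than just a spelling fix.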
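Review bot: In the Replicant hunk (@@ -421,7 +469,14 @@), `#+ATTR_LATEX: :width: 7in` has a trailing colon on the key; the GPS hunk writes `:height 1in`, which is the form Org expects, so this should be `:width 7in`. The value is also a problem once the key is fixed: 7in is wider than beamer's default 128mm frame, so the logo would overflow the slide; a relative width such as `0.5\textwidth` would be safer. Unlike the other three images added in this patch, replicant.png gets no `\incite{...}` attribution next to it; if that is intentional because `\cite{replicant}` already appears on the slide, a short comment saying so would help.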