@online{panopti:about, author = {Electric Frontier Foundation}, title = {Panopticlick | About}, url = {https://panopticlick.eff.org/about}, urldate = {2017-03-08}, } @online{whonix:donot, author = {Whonix}, title = {DoNot}, url = {https://www.whonix.org/wiki/DoNot}, urldate = {2017-03-05} } @online{tor, author = {Tor Project}, title = {Tor Project: Anonymity Online}, url = {http://torproject.org/}, urldate = {2017-03-09}, } @online{eff:nsa:timeline, author = {Electronic Frontier Foundation}, title = {Timeline of NSA Domestic Spying}, url = {https://www.eff.org/nsa-spying/timeline}, urldate = {2017-03-09}, } @online{mtg:uproar, author = {Mike Gerwitz}, title = {National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations}, url = {https://mikegerwitz.com/2013/06/National-Uproar-A-Comprehensive-Overview-of-the-NSA-Leaks-and-Revelations}, month = 06, year = 2013, urldate = {2017-03-09}, } @online{eff:bernstein:doj, author = {Electronic Frontier Foundation}, title = {Bernstein v. US Department of Justice}, url = {https://www.eff.org/cases/bernstein-v-us-dept-justice}, urldate = {2017-03-09}, } % TODO: figure out how to render the URL @techreport{poodle:paper, author = {Möller, Brodo and Duong, Thai and Kotowicz, Krzysztof}, title = {This POODLE Bites: Exploiting the SSL 3.0 Fallback}, institution = {Google}, year = 2014, month = Sep, url = {https://www.openssl.org/~bodo/ssl-poodle.pdf}, } @online{w:crypto-wars, organization = {Wikipedia}, title = {Crypto Wars}, url = {https://en.wikipedia.org/wiki/Crypto_wars}, urldate = {2017-03-10}, } @online{fedr:export-controls, author = {Executive Office of the President}, title = {Administration of Export Controls on Encryption Products}, url = {https://www.gpo.gov/fdsys/pkg/FR-1996-11-19/pdf/96-29692.pdf}, urldate = {2017-03-10}, month = 11, year = 1996, note = {Federal Register, Vol. 61, No. 224, Executive Order 58767}, } @online{doc:rev-export-reg, author = {United States Department of Commerce}, title = {Revised U.S. Encryption Export Regulations}, url = {https://epic.org/crypto/export_controls/regs_1_00.html}, month = 01, year = 2000, urldate = {2017-03-10}, } @online{arxiv:mac, author = {Martin, Jeremy and Mayberry, Travis and Donahue, Collin and Foppe, Lucas, and Brown, Lamont and Riggins, Chadwick and Rye, Erik C. and Brown, Dane}, title = {A Study of MAC Address Randomization in Mobile Devices and When it Fails}, year = 2017, month = 03, archivePrefix= {arXiv}, eprint = {1703.02874}, primaryClass = {cs.CR}, } @online{aimsid, author = {CellularPrivacy}, title = {Android IMSI-Catcher Detector}, url = {https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/}, urldate = {2017-03-11}, } @online{osmand, title = {OsmAnd - Offline Mobile Maps and Navigation}, url = {http://osmand.net/}, urldate = {2017-03-11}, } @online{mozilla:loc-services, author = {MozillaWiki}, title = {CloudServices/Location - MozillaWiki}, url = {https://wiki.mozilla.org/CloudServices/Location}, urldate = {2017-03-11}, } @online{openmobilenetwork, title = {OpenMobileNetwork}, url = {http://www.openmobilenetwork.org/}, urldate = {2017-03-11}, } @online{w:wps, organization = {Wikipedia}, title = {Wi-Fi positioning system}, url = {https://en.wikipedia.org/wiki/Wi-Fi_positioning_system}, urldate = {2017-03-11}, } @online{w:trilateration, organization = {Wikipedia}, title = {Trilateration}, url = {https://en.wikipedia.org/wiki/Trilateration}, urldate = {2017-03-11}, } @article{acm:spotfi, author = {Kotaru, Manikanta and Joshi, Kiran and Bharadia, Dinesh and Katti, Sachin}, title = {{SpotFi}: Decimeter Level Localization Using {WiFi}}, journal = {{ACM} {SIGCOMM} Computer Communication Review - {SIGCOMM'15}}, doi = {10.1145/2785956.2787487}, volume = 45, pages = {269-282}, year = 2015, } @article{acm:lteye, author = {Kumar, Swarun and Hamed, Ezzeldin and Katabi, Dina and Li, Li Erran}, title = {{LTE} radio analytics made easy and accessible}, journal = {{S3 '14} Proceedings of the 6th annual workshop on Wireless of the students, by the students, for the students}, doi = {10.1145/2645884.2645891}, pages = {29-30}, year = 2014, } @online{replicant, author = {Replicant}, title = {Replicant}, url = {http://www.replicant.us}, urldate = {2017-03-11}, annotation = {A fully free Android distribution} } @online{replicant:sec, author = {Replicant}, title = {Freedom and privacy/security issues}, url = {http://www.replicant.us/freedom-privacy-security-issues.php}, urldate = {2017-03-11}, } @online{replicant:samsung-bd, author = {Replicant}, title = {Samsung Galaxy back-door}, url = {http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor}, urldate = {2017-03-11}, annotation = {Backdoor in Samsung Galaxy phones closed by Replicant}, } @online{gnu:malware-mobile, author = {GNU Project}, title = {Malware in Mobile Devices}, url = {https://www.gnu.org/philosophy/malware-mobiles.html}, urldate = {2017-03-11}, annotation = {Numerous resources on privacy/security issues with mobile devices} } @online{jots:mobile, author = {Jinyan Zang and Krysta Dummit and James Graves and Paul Lisker and Latanya Sweeney}, title = {Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps}, url = {http://jots.pub/a/2015103001/index.php}, urldate = {2017-03-11}, } @online{kryptowire:adups, author = {Kryptowire}, title = {KRYPTOWIRE DISCOVERS MOBILE PHONE FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE}, url = {http://www.kryptowire.com/adups_security_analysis.html}, urldate = {2017-03-11}, annotation = {BLU mobile phones transmitting SMS content, contacts, call history, telephone numbers, IMEIs, etc to third-party servers without users' knolwedge or censent} } @online{intercept:nyc-surveil, author = {Currier, Cora}, title = {A Walking Tour of New York's Massive Surveillance Network}, organization = {The Intercept}, date = {2016-09-24}, url = {https://theintercept.com/2016/09/24/a-walking-tour-of-new-yorks-massive-surveillance-network/}, urldate = {2017-03-12}, } @online{shodan, title = {Shodan}, subtitle = {The search engine for the Internet of Things}, url = {https://shodan.io}, urldate = {2017-03-12}, } @online{krebs:mongodb, author = {Krebs, Brian}, title = {Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed}, url = {https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/}, urldate = {2017-03-12}, } @online{insecam, title = {Insecam - World biggest online cameras directory}, url = {http://insecam.org}, urldate = {2017-03-12}, annotation = {Load the HTTP (non-HTTPS) site, otherwise mixed content is blocked and thumbnails will not work.} } @article{ieee:gait, author = {Rogez, Gr\'egory and Rihan, Jonathan and Guerrero, Jose J.}, title = {Monocular {3D} Gait Tracking in Surveillance Scenes}, journal = {IEEE Transactions on Cybernetics}, url = {http://vision.ics.uci.edu/papers/RogezRGO_Cybernetics_2013/RogezRGO_Cybernetics_2013.pdf} } @article{ijca:gait, author = {Vaidya, Sonali and Shah, Kamal}, title = {Real Time Video Surveillance System}, journal = {International Journal of Computer Applications}, volume = 86, pages = {22-27}, year = 2014, url = {http://research.ijcaonline.org/volume86/number14/pxc3893419.pdf}, annotation = {Discusses realtime gait analysis for video surveillance}, } @online{newsci:fb-noface, author = {Rutkin, Aviva}, title = {Facebook can recognize you in photos even if you're not looking}, organization = {New Scientist}, url = {https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/}, urldate = {2017-03-12}, } @online{rms:facebook, author = {Stallman, Richard}, title = {Reasons not to use (i.e., be used by) {Facebook}}, url = {https://stallman.org/facebook.html}, urldate = {2017-03-12}, } @online{register:fb-scan, author = {Chirgwin, Richard}, title = {Facebook conjures up a trap for the unwary: scanning your camera for your friends}, subtitle = {Auto-spam your friends with Photo Magic}, organization = {The Register}, url = {https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/}, urldate = {2017-03-12}, annotation = {Archive.org link used because The~Register blocks Tor~users unless they execute proprietary JavaScript.}, } @online{guardian:fb-scan, author = {Arthur, Charles}, title = {Facebook in new privacy row over facial recognition feature}, subtitle = {Social network turns on new feature to automatically identify people in photos, raising questions about privacy implications of the service}, organization = {The Guardian}, date = {2011-06-08}, url = {https://www.theguardian.com/technology/2011/jun/08/facebook-privacy-facial-recognition}, urldate = {2017-03-12}, } @online{techcrunch:fb-baby, author = {Constine, Josh}, title = {Facebook’s New Photo “Scrapbook” Lets Parents Give Kids An Official Presence}, organization = {TechCrunch}, date = {2016-03-31}, url = {https://techcrunch.com/2015/03/31/step-1-identify-baby-photo-step-2-hide-baby-photos/}, urldate = {2017-03-12}, annotation = {Facebook tricks users into violating their child's privacy before they have any say in the matter.}, } @online{eff:ios-photo-diff, author = {Gebhart, Gennie and Grant, Starchy and Portnov, Erica}, title = {Facial Recognition, Differential Privacy, and Trade-Offs in Apple's Latest OS Releases}, organization = {Electronic Frontier Foundation}, date = {2016-09-27}, url = {https://www.eff.org/deeplinks/2016/09/facial-recognition-differential-privacy-and-trade-offs-apples-latest-os-releases}, urldate = {2017-03-12}, } @online{churchix, title = {Churchix Facial Recognition Software}, subtitle = {Churchix Facial Recognition Software for Event Attendance}, url = {http://churchix.com/}, urldate = {2017-03-12}, annotation = {This software is cited for illustration; do~not use it.} } @online{facefirst, title = {Face Recognition Software for Retail Stores: \#1~Biometric Surveillance for Loss Prevention}, url = {https://www.facefirst.com/industry/retail-face-recognition/}, urldate = {2017-03-12}, annotation = {Full-page loading spinner does not remove itself without running non-free JavaScript; remove it manually using a web browser with a~debugger. This software is cited for illustration; do~not use it.}, } @online{bio:iris, title = {Hacker extracts Merkel's iris image}, organization = {Planet Biometrics}, date = {2015-11-30}, url = {http://www.planetbiometrics.com/article-details/i/3644/}, urldate = {2017-03-12}, } @online{eff:facial-tech, author = {Schwartz, Adam}, title = {The Danger of Corporate Facial Recognition Tech}, subtitle = {The Illinois Biometric Privacy Statute Survived a Recent Attack. But the Struggle Continues}, organization = {Electronic Frontier Foundation}, date = {2016-06-07}, url = {https://www.eff.org/deeplinks/2016/06/danger-corporate-facial-recognition-techgg}, urldate = {2017-03-12}, } @online{eff:fbi-bio, author = {Lynch, Jennifer}, title = {New Report: FBI Can Access Hundreds of Millions of Face Recognition Photos}, organization = {Electronic Frontier Foundation}, date = {2016-06-15}, url = {https://www.eff.org/deeplinks/2016/06/fbi-can-search-400-million-face-recognition-photos}, urldate = {2017-03-12}, } @online{cbs:sf-smile, author = {Borba, Andria}, title = {Nowhere To Hide: Few Public Places Without Surveillance Cameras In San Francisco}, organization = {CBS}, date = {2015-09-24}, url = {http://sanfrancisco.cbslocal.com/2015/09/24/san-francisco-surveillance-camera-tenderloin/}, urldate = {2017-03-12}, } @online{pbs:nova:boston, author = {O'Brien, Michael and Cort, Julia}, title = {Manhunt---{Boston Bombers}}, subtitle = {Which technologies worked—and which didn't---in the race to track down the men behind the marathon attack?}, organization = {WGBH Educational Foundation}, date = {2013-05-29}, url = {http://www.pbs.org/wgbh/nova/tech/manhunt-boston-bombers.html}, urldate = {2017-03-13}, annotation = {Specificall, pay attention to the Domain Awareness System and other surveillance capabilities. Transcript available.}, } @online{reuters:nypd-das, author = {Francescani, Chris}, title = {NYPD expands surveillance net to fight crime as well as terrorism}, organization = {Reuters}, date = {2013-06-21}, url = {http://www.reuters.com/article/usa-ny-surveillance-idUSL2N0EV0D220130621}, urldate = {2017-03-13}, } @online{wired:pixel-face, author = {Newman, Lily Hay}, title = {AI Can Recognize Your Face Even If You’re Pixelated}, organization = {Wired}, date = {2016-09-12}, url = {https://www.wired.com/2016/09/machine-learning-can-identify-pixelated-faces-researchers-show/}, urldate = {2017-03-13}, } @online{arxiv:google-pixel-res, author = {Dahl, Ryan and Norouzi, Mohammad and Shlens, Jonathan}, title = {Pixel Recursive Super Resolution}, organization = {Google Brain}, date = {2017-02-02}, archivePrefix= {arXiv}, eprint = {1702.00783}, primaryClass = {cs.CV}, } @online{fast:das, author = {Ungerleider, Neal}, title = {NYPD, Microsoft Launch All-Seeing “Domain Awareness System” With Real-Time CCTV, License Plate Monitoring}, subtitle = {The New York Police Department has a new terrorism detection system that will also generate profit for the city}, organization = {Fast Company}, date = {2012-08-08}, url = {https://www.fastcompany.com/3000272/nypd-microsoft-launch-all-seeing-domain-awareness-system-real-time-cctv-license-plate-monito}, urldate = {2017-03-13}, } @online{nyc:pspg, title = {Public Security Privacy Guidelines}, url = {http://www.nyc.gov/html/nypd/downloads/pdf/crime_prevention/public_security_privacy_guidelines.pdf}, urldate = {2017-03-13}, annotation = {Information about the NYPD's Domain Awareness System.}, } @book{rosen:naked, author = {Rosen, Jeffrey}, title = {The Naked Crowd: Reclaiming Security and Freedom In An Anxious Age}, publisher = {Random House}, isbn = {978-0375508004}, date = 2004, indextitle = {Naked Crowd: Reclaiming Security and Freedom In An Anxious Age, The}, } @article{solove:nothing-to-hide, author = {Solove, Daniel J.}, title = {``I've got nothing to hide'' and Other Misunderstandings of Privacy}, journaltitle = {San Diego Law Review}, volume = 44, pages = {745--772}, date = {2007}, url = {https://ssrn.com/abstract=998565}, urldate = {2017-03-13}, annotation = {GWU Law School Public Law Research Paper No. 289}, }, @online{metro:goebbels, author = {Nagesh, Ashitha}, title = {A Tory MP might have quoted Goebbels in defence of the government’s surveillance bill}, organization = {Metro.co.uk}, url = {http://metro.co.uk/2015/11/05/a-tory-mp-might-have-quoted-goebbels-in-defence-of-the-governments-surveillance-bill-5481457/}, urldate = {2017-03-13}, annotation = {It's never good to be accused of quoting the Nazi propaganda minister}, } @online{eff:alpr, title = {Automated License Plate Readers}, organization = {Electronic Frontier Foundation}, url = {https://www.eff.org/sls/tech/automated-license-plate-readers}, urldate = {2017-03-13}, } @online{aclu:tracked, title = {You Are Being Tracked}, subtitle = {How License Plate Readers Are Being Used To Record Americans' Movements}, url = {https://www.aclu.org/sites/default/files/field_document/071613-aclu-alprreport-opt-v05.pdf}, urldate = {2017-03-13}, } @online{eff:golden-gate-toll, title = {The Golden Gate Bridge Is Watching You}, author = {Schoen, Seth}, organization = {Electronic Frontier Foundation}, date = {2013-03-28}, url = {https://www.eff.org/deeplinks/2013/03/golden-gate-bridge-watching-you}, urldate = {2017-03-13}, } @online{goldengate:anon, title = {I Want To Remain Anonymous}, organization = {Golden Gate Bridge, Highway and Transportation District}, url = {http://goldengate.org/tolls/iwanttoremainanonymous.php}, urldate = {2017-03-13}, } @online{baynews:fastack-data, author = {Simerman, John}, title = {Lawyers dig into FasTrak data}, organization = {Bay Area News Group}, date = {2007-06-05}, url = {http://www.eastbaytimes.com/2007/06/05/lawyers-dig-into-fastrak-data/}, urldate = {2017-03-13}, annotation = {FasTrack data are used in civil disputes like divorce cases.}, } @online{blackhat:toll-systems, author = {Lawson, Nate}, title = {Highway To Hell: Hacking Toll Systems}, date = {2008-08-06}, location = {BlackHat USA}, url = {http://www.root.org/talks/BH2008_HackingTollSystems.pdf}, urldate = {2017-03-13}, } @online{w:ezpass, organization = {Wikipedia}, title = {E-ZPass}, url = {https://en.wikipedia.org/wiki/E-ZPass}, urldate = {2017-03-13}, } @online{register:rfid-clone, author = {Goodin, Dan}, title = {Passport RFIDs cloned wholesale by \$250 eBay auction spree\$}, subtitle = {Video shows you how}, organization = {The Register}, url = {https://web.archive.org/web/20170127114339/http://www.theregister.co.uk/2009/02/02/low_cost_rfid_cloner/}, urldate = {2017-03-13}, annotation = {Archive.org link used because The~Register blocks Tor~users unless they execute proprietary JavaScript.}, } @online{w:us-v-jones, organization = {Wikipedia}, title = {United States v. Jones}, url = {https://en.wikipedia.org/wiki/United_States_v._Antoine_Jones}, urldate = {2017-03-13}, annotation = {United States Supreme Court ruling that GPS~tracking constitutes a~search under the Fourth~Amendment.} } @online{darius:alpr-telnet, author = {Freamon, Darius}, title = {{PIPS} Technology {AUTOPLATE} Automatic License Plate Recognition {(ALPR)} Multiple Vulnerabilities}, url = {https://dariusfreamon.wordpress.com/2014/02/19/pips-technology-autoplate-automatic-license-plate-recognition-alpr-multiple-vulnerabilities/}, urldate = {2017-03-14}, annotation = {Telnet right into certain ALPRs.} }