Mike Gerwitz

Activist for User Freedom

author: Mike Gerwitz <mtg@gnu.org> 2017-03-19 22:06:57 -0400
committer: Mike Gerwitz <mtg@gnu.org> 2017-04-02 22:04:28 -0400
commit: 4a30b85b20a79fd2323ff872c5fa7dbb9f6928a3
tree: 9ab0eb561b7eb610e9626bd4b29e93391ef9ae88
parent: bbc74fbd55e419e1ca215fa872e352791c7fa982
Mobile section nearly ready

Just needs to be augmented with additional information (slides).

* slides.org (Mobile): All slides ready. Needs more.
* images/tp/remote-list: Add images for Mobile.
* images/tp/SHA256SUM: Update with hashes of new images.

-rw-r--r-- images/tp/SHA256SUM 4
-rw-r--r-- images/tp/remote-list 4
-rw-r--r-- sapsf.bib 33
-rw-r--r-- slides.org 147
4 files changed, 142 insertions, 46 deletions
diff --git a/images/tp/SHA256SUM b/images/tp/SHA256SUM
index c8e2519..c1d2892 100644
--- a/images/tp/SHA256SUM
+++ b/images/tp/SHA256SUM
@@ -1,3 +1,7 @@
+48b3e8553c7c51573eb773a4ef4feeb2221ba33112d207b676e0de7e08665bd3 cell-tower.jpg
+e45b7dcf52382c2ccb8d0fd2c8b10491e37733f4cfbf611444ca7087aa01e727 stingray.jpg
+97b9850d7087ff14c93f5e01b3f4b248b030c85d4790d334eb58ce6384ab3d5e gps.jpg
+ca51e8ba23a87140b1f2cf573d4761df888d7f939947823c695004ce5d3f31f7 replicant.png
8df6f6442bfb895e2d4d5d599d2d9a477405f590587f2a473c3e59a46d06b325 alpr-mounted.png
4b0050a377af1fcd72f14863408eef44d40e7ba6fe31e2121ec7c3a51781a752 alpr-capture.png
31597ba3731e6eccf2e68ae8b91ad25b2e6e4685814e723333d9ea1d2579b635 alpr-pips.png
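Review bot: The four digests added at the top of this hunk are the only integrity check on files that remote-list pulls from third-party URLs, yet nothing here or in the commit message records how they were obtained. If they were computed from the same download that remote-list points at, they pin the content but do not vouch for it; a short note on provenance (for example, checked by eye against the source page) would make the pin more meaningful. The four names do match the four lines added to remote-list.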
diff --git a/images/tp/remote-list b/images/tp/remote-list
index 6d4f264..abf561a 100644
--- a/images/tp/remote-list
+++ b/images/tp/remote-list
@@ -1,3 +1,7 @@
+cell-tower.jpg https://web.archive.org/web/20170319180434/https://upload.wikimedia.org/wikipedia/commons/thumb/2/2a/T-Mobile_cell_site.jpg/251px-T-Mobile_cell_site.jpg
+stingray.jpg https://web.archive.org/web/20170319180653/https://upload.wikimedia.org/wikipedia/en/c/c5/Stingray_Harris_handle_side.jpg
+gps.jpg https://web.archive.org/web/20170319181816/https://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/GPS_Satellite_NASA_art-iif.jpg/300px-GPS_Satellite_NASA_art-iif.jpg
+replicant.png https://web.archive.org/web/20170320015032/http://www.replicant.us/images/replicant.png
alpr-mounted.png https://web.archive.org/web/20170318173251/https://www.eff.org/files/2015/10/20/paxton_and_spencer_.png
alpr-capture.png https://web.archive.org/web/20170318173346/https://www.eff.org/files/2015/10/20/paxton_captures.png
alpr-pips.png https://web.archive.org/web/20170318173427/https://www.eff.org/files/2015/10/15/pipscam9_redacted.png
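Review bot: In the added replicant.png line the archived origin is plain http (http://www.replicant.us/images/replicant.png), unlike the https origins of the other three additions, so the SHA256SUM entry is the only thing tying that file to known content; the fetch step should refuse to use the image on a hash mismatch. Separately, stingray.jpg comes from wikipedia/en/ rather than wikipedia/commons/ like the other two Wikimedia images, so its licence terms are worth checking before it ships with the slides.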
diff --git a/sapsf.bib b/sapsf.bib
index 7f4e2d3..2448d63 100644
--- a/sapsf.bib
+++ b/sapsf.bib
@@ -1025,3 +1025,36 @@
url = {http://www.trustev.com/technology},
urldate = {2017-03-19},
}
+
+@online{w:file:cell-tower,
+ author = {Appel, Thomas},
+ title = {File:T-mobile cell site},
+ organization = {Wikipedia},
+ date = {2015-09-23},
+ url = {https://en.wikipedia.org/wiki/File:T-Mobile_cell_site.jpg},
+ urldate = {2017-03-19},
+}
+
+@online{w:file:stingray,
+ title = {File:Stingray Harris handle side.jpg},
+ date = {2013-04},
+ organization = {Harris Corporation},
+ url = {https://en.wikipedia.org/wiki/File:Stingray_Harris_handle_side.jpg},
+ urldate = {2017-03-19},
+}
+
+@online{w:file:gps,
+ title = {File:GPS Satellite NASA art-iif.jpg},
+ date = {2006-02-09},
+ organization = {NASA},
+ url = {https://en.wikipedia.org/wiki/File:GPS_Satellite_NASA_art-iif.jpg},
+ urldate = {2017-03-19},
+}
+
+@online{wsj:app-loc,
+ title = {What They Know - Mobile - WSJ},
+ organization = {The Wall Street Journal},
+ url = {http://blogs.wsj.com/wtk-mobile/},
+ urldate = {2017-03-19},
+ annotation = {Popular apps that transmit location information in~2010},
+}
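Review bot: The w:file:cell-tower entry is inconsistent with the two that follow it: its title is "File:T-mobile cell site" (lower-case m, no .jpg) while its URL reads T-Mobile_cell_site.jpg, and it sets organization = {Wikipedia} where the stingray and gps entries put the image's originator in that field. Suggest title = {File:T-Mobile cell site.jpg} and one convention for organization. Note also that no entry is added for replicant.png, which this commit adds as an image as well.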
diff --git a/slides.org b/slides.org
index a54350e..658610b 100644
--- a/slides.org
+++ b/slides.org
@@ -65,7 +65,7 @@ invasive topic-wise.
* LACKING Slides :export:ignore:
-** REVIEWED Introduction / Opening :B_fullframe:
+** READY Introduction / Opening :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
@@ -109,17 +109,18 @@ often used and dismissed as tinfoil-hat FUD.)
#+END_COMMENT
#+BEGIN_CENTER
- #+BEAMER: \only<1>{You're Being Tracked.}
- #+BEAMER: \only<2>{(No, really, I have references.)}
+ #+BEAMER: \only<1->{\Huge You're Being Tracked.}
+
+ #+BEAMER: \only<2>{\large(No, really, I have references.)}
#+END_CENTER
-** REVIEWED Mobile [0/5]
-*** REVIEWED Introduction :B_ignoreheading:
+** AUGMENT Mobile [5/5]
+*** READY Introduction :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
-**** REVIEWED Introduction :B_fullframe:
+**** READY Introduction :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:15
:BEAMER_env: fullframe
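Review bot: On the changed BEAMER lines, \only<2>{...} inserts the second line on overlay 2 without reserving space for it on overlay 1, so inside the centered block the "You're Being Tracked." line can shift position between the two overlays; \uncover<2>{...} keeps the layout fixed. On the Mobile heading, the [5/5] cookie next to the AUGMENT state reads as complete while the commit message says the section still needs more.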
@@ -140,17 +141,33 @@ A phone is often synonymous with an individual;
In other words: they're excellent tracking devices.
#+END_COMMENT
-*** REVIEWED Cell Towers [0/2]
+*** READY Cell Towers [2/2]
:PROPERTIES:
:DURATION: 0:02
:END:
-**** REVIEWED Fundamentally Needed
+**** READY Fundamentally Needed
:PROPERTIES:
:DURATION: 00:00:45
:END:
+
+***** Summary
+:PROPERTIES:
+:BEAMER_col: 0.75
+:END:
- Phone needs tower to make and receive calls
- Gives away approximate location\cite{pbs:nova:boston}
+***** Tower Image
+:PROPERTIES:
+:BEAMER_col: 0.25
+:END:
+
+#+BEGIN_CENTER
+[[./images/tp/cell-tower.jpg]]
+
+\incite{w:file:cell-tower}
+#+END_CENTER
+
#+BEGIN_COMMENT
The primary reason is inherent in a phone's design:
cell towers.
@@ -173,16 +190,33 @@ You can imagine that such would be a very useful and important feature for
#+END_COMMENT
-**** REVIEWED Cell-Site Simulators
+**** READY Cell-Site Simulators
:PROPERTIES:
:DURATION: 00:00:45
:END:
+
+***** Summary
+:PROPERTIES:
+:BEAMER_col: 0.65
+:END:
- <1-> IMSI-Catchers
- <1-> Masquerade as cell towers
- <1-> Most popular: Stingray
- <2-> Free/libre Android program AIMSICD available on F-Droid attempts to
detect\cite{aimsid}
+***** Stingray Image
+:PROPERTIES:
+:BEAMER_col: 0.35
+:END:
+
+#+BEGIN_CENTER
+[[./images/tp/stingray.jpg]]
+
+\incite{w:file:stingray}
+#+END_CENTER
+
+
#+BEGIN_COMMENT
Cell Site Simulators have made a lot of news in the past (including my local
news),
@@ -207,22 +241,22 @@ It is free software and is available on F-Droid.
#+END_COMMENT
-*** REVIEWED Wifi [0/3]
+*** READY Wifi [1/1]
:PROPERTIES:
:DURATION: 0:01
:END:
-**** REVIEWED ESSID and MAC Broadcast
+**** READY ESSID and MAC Broadcast
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Device may broadcast ESSIDs of past hidden networks
-- <2-> Expose unique hardware identifiers (MAC address)
-- <3-> **Defending against this is difficult**
- - <4-> /Turn off Wifi/ in untrusted places
- - <4-> Turn off settings to auto-connect when receiving e.g. MMS
- - <5-> Use cellular data (e.g. {2,3,4}G)
- - <6-> **MAC address randomization works poorly**\cite{arxiv:mac}
+- <1-> Expose unique hardware identifiers (MAC address)
+- <2-> **Defending against this is difficult**
+ - <3-> /Turn off Wifi/ in untrusted places
+ - <3-> Turn off settings to auto-connect when receiving e.g. MMS
+ - <4-> Use cellular data (e.g. {2,3,4}G)
+ - <5-> **MAC address randomization works poorly**\cite{arxiv:mac}
#+BEGIN_COMMENT
What else is inherent in a modern phone design?
@@ -262,24 +296,26 @@ And of course, we do.
#+END_COMMENT
-*** REVIEWED Geolocation [0/3]
+*** READY Geolocation [3/3]
:PROPERTIES:
:DURATION: 0:02
:END:
-**** REVIEWED GPS
+**** READY Global Positioning System (GPS)
:PROPERTIES:
-:DURATION: 00:01
+:DURATION: 00:00:30
:END:
+
+#+BEGIN_CENTER
+#+ATTR_LATEX: :height 1in
+[[./images/tp/gps.jpg]]\incite{w:file:gps}
+#+END_CENTER
+
- <1-> Not inherently a surveillance tool
-- <2-> Often enabled by default
- - <2-> Might prompt user, but features are attractive
-- <3-> Programs give excuses to track\cite{jots:mobile}
- - <3-> Navigation systems
- - <3-> Location information for social media, photos, nearby friends, finding
+- <2-> Often enabled, and programs abuse it\cite{jots:mobile}
+ - <2-> Legitimate: navigation, social media, photos, nearby friends, finding
lost phones, location-relative searches, etc.
-- <4-> Not-so-good: targeted advertising and building users profiles
-- <4-> If phone is compromised, location is known
+- <3-> If phone is compromised, location is known
#+BEGIN_COMMENT
Let's talk about geolocation!
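Review bot: In the rewritten bullets, "Often enabled, and programs abuse it" is now followed only by a "Legitimate: ..." sub-bullet, because the "Not-so-good: targeted advertising and building users profiles" line was removed; the slide asserts abuse and then lists only legitimate uses. Either keep a one-line abuse example under that bullet or reword the parent. As a style point, \incite{w:file:gps} shares a line with the image link here, while the cell-tower and stingray slides give it its own paragraph.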
@@ -287,8 +323,8 @@ Many people find them to be very convenient.
The most popular being GPS.
GPS isn't inherently a surveillance tool;
-it can't track you on its own.
-Your GPS device triangulates its location based on signals
+ it can't track you on its own.
+Your GPS device calculates its location based on signals
broadcast by GPS satellites in line-of-site.
Because of the cool features it permits,
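Review bot: The context line directly after the reworded sentence still reads "line-of-site"; since this sentence is being edited anyway, change it to "line-of-sight" in the same commit.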
@@ -305,19 +341,23 @@ Navigation systems,
all of these things are legitimate.
You just need to be able to trust the software that you are running,
Often times, you can't.
-Without source code,
- it's sometimes hard to say if a program is doing other things.
-Like using it for targeted advertising,
- and/or building a user profile (which we'll talk about later).
+
+Even if you can,
+ if your device is owned,
+ they can just enable GPS and your location is known.
#+END_COMMENT
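Review bot: In the added lines "if your device is owned, they can just enable GPS", "they" has no antecedent and "owned" is jargon that part of the audience may read as ordinary ownership. Suggest "if your device is compromised, an attacker can just enable GPS", which also matches the slide bullet "If phone is compromised, location is known". The context line ending "the software that you are running," is followed by a new sentence and wants a period.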
-**** REVIEWED But I Want GPS!
+**** READY But I Want GPS!
:PROPERTIES:
-:DURATION: 00:00:30
+:DURATION: 00:00:40
:END:
- <1-> Is the program transparent in what data it sends? (Is the source code
available?)\cite{jots:mobile}
-- <1-> Does the program let you disable those features?
+ - <1-> 2010: 47 of top 100 Android and iOS apps sent location to devs and
+ third parties\cite{wsj:app-loc}
+ - <1-> Ex: /Angry Birds/ sent address book, location, and device ID to
+ third party\cite{networks-of-control}
+- <1-> Does the program let you disable those [anti-]features?
- <2-> Pre-download location-sensitive data (e.g. street maps)
- <2-> OsmAnd (free software, Android and iOS)\cite{osmand}
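Review bot: The new Angry Birds sub-bullet cites \cite{networks-of-control}, but the sapsf.bib changes in this commit add only the three w:file entries and wsj:app-loc. Confirm that key already exists in sapsf.bib, otherwise the citation will be undefined in the built slides.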
@@ -325,6 +365,14 @@ Like using it for targeted advertising,
So you may legitimately want GPS enabled.
It's terrible that you should be concerned about it.
+Are the programs you're using transparent in what they're sending?
+A precondition to that answer is source code;
+ it's otherwise hard to say if a program is doing other things.
+
+A study by the Wall Street Journal found that 47 of the 100 Android and iOS
+ apps in 2010 shared your location with not only the developers,
+ but also with third parties.
+
You need to know what data you're leaking so that you can decide whether
or not you want to do so.
And you need the option to disable it.
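Review bot: The added speaker note says "47 of the 100 Android and iOS apps in 2010", which drops the qualifier the slide bullet carries ("47 of top 100"); as written it reads as if only 100 apps were in scope without saying which. Suggest "47 of the top 100 Android and iOS apps" so the notes and the slide agree.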
@@ -337,9 +385,9 @@ Some apps let you use pre-downloaded maps,
#+END_COMMENT
-**** REVIEWED Location Services
+**** READY Location Services
:PROPERTIES:
-:DURATION: 00:00:45
+:DURATION: 00:00:30
:END:
- <1-> No GPS? No problem!
@@ -349,7 +397,7 @@ Some apps let you use pre-downloaded maps,
nearby cell towers\cite{w:wps}
- <2-> Signal strength and SSIDs and MACs of Access Points
\cite{w:trilateration,acm:spotfi,acm:lteye}
-- <3-> Gathered by Google Street View cars
+- <3-> Some gathered by Google Street View cars
- <3-> Your device may report back nearby networks to build a more
comprehensive database
- <4-> Works even where GPS and Cell signals cannot penetrate
@@ -365,7 +413,7 @@ There are numerous services available to geolocate based on nearby access
Based on the signal strength of nearby WiFi networks,
your position can be more accurately trangulated.
-These data are gathered by Google Street View cars.
+Some of these data are gathered by Google Street View cars.
Your phone might also be reporting back nearby networks in order to improve
the quality of these databases.
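Review bot: The context line just above the changed sentence still has the typo "trangulated". Since the GPS notes in this commit moved from "triangulates" to "calculates", it is worth deciding whether this line should read "triangulated" or follow the cited w:trilateration term, and fixing it in the same pass.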
@@ -376,14 +424,14 @@ And it works where GPS and maybe even cell service don't, such as inside
So just because GPS is off does not mean your location is unknown.
#+END_COMMENT
-*** REVIEWED Operating System [0/3]
+*** READY Operating System [3/3]
:PROPERTIES:
:DURATION: 0:02
:END:
-**** REVIEWED Untrusted/Proprietary OS
+**** READY Untrusted/Proprietary OS
:PROPERTIES:
-:DURATION: 00:00:45
+:DURATION: 00:00:40
:END:
- <1-> Who does your phone work for?
@@ -413,7 +461,7 @@ In November of last year it was discovered that these popular phones
That software could also remotely execute code on the device.
#+END_COMMENT
-**** REVIEWED Free/Libre Mobile OS?
+**** READY Free/Libre Mobile OS?
:PROPERTIES:
:DURATION: 00:00:30
:END:
@@ -421,7 +469,14 @@ That software could also remotely execute code on the device.
- <1-> But every phone requires proprietary drivers, or contains
proprietary software
- <2-> Replicant\cite{replicant}
- - <3> Niche. Interest is low, largely work of one developer now.
+ - <2> Niche. Largely work of one developer now. (Help if you can!)
+
+#+BEAMER: \uncover<2>{
+#+BEGIN_CENTER
+#+ATTR_LATEX: :width: 7in
+[[./images/tp/replicant.png]]
+#+END_CENTER
+#+BEAMER: }
#+BEGIN_COMMENT
Android is supposedly a free operating system.
@@ -439,7 +494,7 @@ I feel like I can at least trust my phone a little bit,
#+END_COMMENT
-**** REVIEWED Modem Isolation
+**** READY Modem Isolation
:PROPERTIES:
:DURATION: 00:00:30
:END: