Maintaining confidentiality in 21st century: Mission (im)possible

Author : Iryna Shostak

Source : 112 Ukraine

Privacy is a word that gradually loses its meaning in the 21st century. Indeed, thanks to the profiles in our social networks, one can create a detailed picture of who we are, who are our friends, what we love and how we spend our free time. But if you talk about yourself in social networks - this is your conscious choice. Instead our gadgets speak for us without our permission. What do smartphones know, who needs this information, and is it possible to protect ourselves from surveillance?
23:37, 13 May 2020

cyber security
Open source

On August 15, 2009, the editors of Wired (popular computer magazine) announced an experiment  called Vanish, in which one of the authors, Evan Ratliff, was supposed to disappear. Readers of the magazine were invited to find him for a reward of $ 5,000. During the experiment, Ratliff chatted with his followers on a closed Twitter page. At the same time, the journalist used disposable telephones, changed his passport, appearance and habits, often moved from place to place and tried to avoid surveillance cameras.

In the end, the journalist was "caught" on the 25th day of his stay (September 8, 2009) in New Orleans, by breaking his Tor (a system created to ensure anonymity on the Internet).

This causes a question - if Ratliff, resorting to such manipulations, was still founded, is it possible to secure yourself at all in the era of total computerization? Probably yes, but we cannot know about successful cases of disappearance, and they are successful for that. Moreover, as a rule, if you are not a well-known politician, celebrity or big businessman - there is no need to disappear, and aggressive hacker attacks do not threaten you. But do not rush to exhale - the information about each of us can still be relevant to those hackers who hunt your money using bank cards, law enforcement officials and large corporations.

How and who is following us?

Hackers. It's no secret that on the Internet, their attackers “hunt” for your private data, which will help to rob you. As a rule, this happens with the help of password theft, bank card data. But in the era of global computerization, where even household appliances such as a kettle or TV can connect to Wi-Fi, it’s very presumptuous to believe that by hiding such data, no one will be able to invade your personal space.

For example, in America, hackers often break into private home networks using attacks via smart TVs, and they monitor the premises using video monitors. Such an incident occurred with a resident of Chicago, who was furiously shocked to hear the voice of an unfamiliar man in his son’s room: hackers broke into the Google Nest home monitoring and control system. An investigation revealed that hackers used passwords revealed as a result of hacking several sites.

Even more often, attackers invade the privacy of their victims using webcams installed on computers and laptops. One of the high-profile cases of such a crime happened with the winner of the Miss Teen USA contest. The girl was watched by a 19-year-old hacker Jared James Abrahams (nicknamed "cute fluffy puppy”) who used the RAT (Remote Administration Tool). Interestingly, the LED indicator did not inform the girl about the hack.

It was this case that caused many people to seal the camera on their devices (as Mark Zuckerberg does).

However, it is worth emphasizing that simply doing this is not enough, it is worth blocking the sound (through the "Device Manager" in Windows or a WebCam On-Off special program).

Speaking about remote controls, we should mention another experiment conducted by American programmers Charlie Miller and Chris Valasek. The essence of the experiment was that while one of the guys was driving a car, the other had to remotely connect to the car multimedia system and take control through it. And so it happened. After this experiment, car manufacturers took care of creating automotive antiviruses.

Special Services. The story, which left no doubt that the special services know or can know about what we say and do, happened in 2013. Edward Snowden - an IT specialist who worked under a contract for the National Security Agency in Hawaii, was involved in the administration of the department's computer systems, so he had access to secret documents, in particular the PRISM intelligence program, which was developed to listen and collect data about U.S. citizens. Snowden downloaded 1 million 700 thousand secret files and, on the pretext of treating epilepsy, took a vacation, said goodbye to the girl and moved to Hong Kong, where he entered into encrypted correspondence with reporters of The Guardian and Washington Post.

Using all the rules of conspiracy (a clean phone, a network of reliable VPNs, a minimum of contacts with the world and an invisible typing of password), Edward revealed the secret that the world's largest companies, including Google, Microsoft, Apple, Facebook and YouTube actively collaborated with the secret services. All of them reported information about their users not only in the USA, but also in other countries of the world. Thus, special services got access to citizens ’e-mails, publications on social networks, lists of contacts stored on a computer, documents, audio and video files (the Prism program authorized wiretapping and recording of telephone conversations). As for the fate of Edward - after three weeks of his stay, he managed to go abroad and received political asylum in Russia.

Another interesting story, which also confirms the fact that, if necessary, special services can easily find out your personal data, occurred in one of the suburbs of New York. Michel Catalano, a housewife and freelance journalist, and her husband decided to buy a pressure cooker and a backpack. They searched for them on the Internet (a woman did this from home, and her husband from the office). After some time, their house was surrounded by several groups of armed people who asked the owners to slowly go out on the threshold with their hands up. These armed people turned out to be representatives of the counter-terrorism unit. Intelligence agencies quickly calculated by queries on the network that spouses, and not two strangers, were engaged in the search for these things. That is what became the reason for surrounding Michelle's house. Subsequently, it turned out that several months before this incident, explosions occurred in Boston. The organizers of the attack, the Tsarnaev brothers, made bombs from pressure cookers and carried them to the marathon in backpacks.

Related: Anonymous made number of cyber attacks on the airport and hospitals in Czech Republic

Companies / Corporations. Several years ago, many human rights defenders had claims against Uber. There was a scandal, during which it turned out that the company employees used the "God mode" (saw the location of their customers) and made money on it. Even after the representative office dismissed about 10 involved in such frauds, questions to Uber remained. In particular, after one of the updates, the company's mobile application began to track the coordinates of users not only during the launch of the application, but also after the trip (Trip Related Location Data function). Coordinates are tracked for another 5-10 minutes after leaving the taxi. Thus, the company knows not only where you arrived, but also where you went next.

What about Facebook and the capabilities of this company, which with a single photo can identify the user among 2 million others? Facebook collects various data about you: from age to the number of credit cards and, upon request, can provide this and other data (even personal messages) to law enforcement agencies, as it cooperates with them.

After Facebook bought WhatsApp, users noted that the chat data in this messenger is used to configure advertising. Moreover, users began to report that when they discussed things that interest them with friends in the presence of the phone, the next day they found an advertisement for a particular thing. A similar incident occurred with a man who wanted to check whether these stories were true. The proactive American never had a cat and did not look for anything about cats and for several days in the presence of the phone he said that you need to buy cat food. Subsequently, a similar advertisement appeared on his Facebook.

However, vice president of advertising at the company, Rob Goldman, denies all allegations, noting that such cases were just a coincidence: "I am responsible for advertising on Facebook. We do not use and never used your microphones for advertising."

If you don’t feel secure enough: in iOS go to the “Settings” panel, find Facebook and uncheck the “microphone” option, and on Android, go to the “Privacy Policy” section in the “Settings”, find the microphone section under the permission panel and disable access to Facebook.

Talking about Google. Almost every one of us has a Google account where, by going to the "Data and personalization" section, you can find settings that collect all the information about you: from a timeline that shows where you were yesterday, the day before, or a year ago (even how many time you spent in one place or another), to your online and offline purchases (with the help of this, the algorithm calculates your interests and offers advertising regarding them).

 And if everything seems to be clear about the first purchases, then the question arises, how and why does Google track offline purchases? It uses banking operations. The search system, knowing what you spent the money on, analyzes whether the ads it selected have influenced your decision to buy that or other product, or offers you an advertisement taking into account your offline purchases.

And if you don’t know what to write about yourself in the social network or in the CV, go to the “Parameters for personalizing ads” section. As the saying goes, the meme is funny - the situation is terrible.

Moreover, you provided access to all these actions yourself, because in the settings you could limit each of the parameters that gives access to track your actions, but you would have to sacrifice navigation that tells you if there are traffic jams on your route, as well interesting, tailored news for you and personalized advertising (now the system will show you any products, from a saw to a woman’s lipstick). Google knows this, so before letting you click Off, it prudently warns you that such actions impair the system’s performance and comfort, hinting that this is not worth it.

Why such corporations do this? In order to provide you with targeted advertising, only the one that interests you, because in this way the chance of purchases increases, and therefore advertisers pay for it.

It is also possible that soon interest in advertising can be monitored during the observation of an item on the screen. It is believed that this is exactly why Apple in 2018 bought a company that develops eye tracking systems for users. The company's goal is to get rid of the mouse and teach the cursor to keep an eye on it.

Tools with which your smartphone speaks

Location, list of your contacts, purchases, photos, personal data, queries in search engines, your tastes and even dreams - this information gets into the World Wide Web using your gadgets. Google, YouTube and Yandex keep a query history; social networks, according to your interests and needs, offer advertising, navigators, airlines and various taxi applications store the routes of your travels.

It’s terrible, but, again, we ourselves gave permission for this - most applications ask for permission to access geodata, a camera or memory at the first start. Moreover, not all of these applications should be trusted at all (such as those that give you the opportunity to see how you are named by your friends on their phones). We also choose whether to connect to a public Wi-Fi network, often paying for certain orders or purchases in it, thereby increasing the risk of theft of important data.

Using Wi-Fi, attackers can not only easily penetrate your phone, but also understand how and where you spend time (all connections to wireless networks are transferred to the server, and since each network is unique, you can see a schedule of Wi-Fi connection). Sometimes hackers even resort to more complex manipulations, as happened in the case of a hotel chain, where well-known politicians often stopped: after connecting to the network, smartphones and other devices received a "software update", the download of which allowed access to guests' files.

As for geolocation, it is clear that it is necessary for a number of useful applications and functions to work, however, it should be remembered that all data about your movements and routes are in the device’s memory and are copied to the server. But will disabling location sharing help prevent someone from knowing your location? Not really.

Many people do not know, but even if you turn off geolocation and the Internet, the phone still, even if it is turned off, will continue to transmit location data: there are two identifiers that distinguish your phone from others - IMEI (international identifier of mobile equipment) and IMSI (international identifier mobile subscriber). The first one is built into the phone itself, and it does not matter which SIM card you use, this identifier is unchanged and always tells the telephone network that it is the same phone. Another identifier is built into the SIM card, it contains your phone number. The tower will record that a device with this number has been connected to this tower, so it can identify you and location.

In order to stop tracking, you need to remove the battery (it is worth noting that most modern smartphones have a monoblock - it is impossible to remove the battery).

Related: Ukraine's cyber police identify 116 people who spread fakes about Covid-19

Another important point is the entry of personal data in Notes on the phone. It can be pin codes, passwords, addresses, which can at once become stolen. Therefore, to place such information you should use more reliable places, just bypassing the "Cloud" and Dropbox. It is much safer to store such files on your hard drive, but it’s fair to say that the laboratories have already learned to use it as a microphone that records everything that happens around. However, it is not possible to steal data from this device.

Is it possible to protect personal data?

Paradoxically, in exchange for smartphones that improve and ease our lives, we sacrifice privacy. Therefore, in order to minimize risks and maximize security of your personal space, important data and information, it’s worth using a few simple but effective tips.

Virus protection companies recommend:

    Do not open messages from unfamiliar addresses;

It is better to create two mailboxes, where the first is used for personal purposes and treated with great care, and the second is for registration on the Internet.

    Do not click on dubious links or download dubious files to your device;

Thus, you can launch a malignant program into the system, which will easily open access to your data. As a rule, the most secure links appear on the first lines of a Google search query.

    Without the help of professionals, you should not download antivirus programs;

Each of us received notices that the computer would be in danger if we did not download the proposed free antivirus program containing malignant code.

    Review your privacy settings: what is visible to friends, all users, and what should be shown only to you;
    For greater security, use secret chats in instant messengers such as Telegram and Facebook (WhatsApp has end-to-end encryption by default);
    it’s better to block third-party cookies that is asked by different pages and sites;
    Do not use unknown flash drives;
    Disconnect the webcam (better seal with an opaque tape), and also restrict access to the microphone;
    Do not use a single password to log into accounts on the websites of online stores, banks and government organizations.

If hackers break at least one account, like a chain reaction, they will be able to get to others.

    Use complex passwords (from 12 characters);

A good password should contain both upper case letters (ABC) and lower case letters (abc), characters (e.g. * # !) and numbers. Change passwords from time to time and do not use the same combinations for different pages, social networks and accounts.

    Update programs such as Windows, Java, Flash, and Office in a timely manner (it is noted that older versions of some of them may have loopholes for attackers);
    Check if the address of the page on which you want to enter personal information begins with the https prefix and the closed lock icon - these sites are safe. Sites that transmit data using the http protocol are insecure;
    You should not respond to letters or notifications that tell you about winning the lottery or offer to watch a scandalous video, especially if you click on them to follow the link;
    Do not use public Wi-Fi networks to access your personal information;
    Do not turn off account management functions (this way the system will notify you of suspicious activity);

In general, the answer to the question of how to protect yourself from surveillance is simple - you should be vigilant and know the measure in everything (do not upload absolutely all the moments of your life on social networks and do not give access to suspicious applications).

Yes, intelligence agencies and corporations can follow us, and the only thing we can do is to reduce the number of loopholes for such surveillance, but there is no sense in hiding completely, because the technologies are developing by leaps and bounds, every day allowing new types of surveillance to collect data.

For example, using a special algorithm, you can identify a user even when he changes accounts or posts inaccurate information in his profile, trying to confuse the system. AI (artificial intelligence) analyzes how we type (the time between clicks and typing speed is different for everyone), and scientists invent new ways to search for people: fingerprints and retinal scans, which once were fantastic for the past generation, will soon change to genetic material, recognition by face shape, heartbeat rhythm, microbial imprint, walking method and shadow seen from satellite.

Related: Ukraine shows solidarity with Georgia in condemning Russia's cyber attacks

Система Orphus

If you find an error, highlight the desired text and press Ctrl + Enter, to tell about it

see more