Coming soon to an android phone near you
That seems like a fair question. Would the behaviour of VicForests pass the sniff test? Probably not. Was any law broken? Again, probably not. (well, only by the "protesters" who beat the %$#@ out of the PI but that's an unknown tangent.)
When much of your activity takes place in a public arena, you don't have a reasonable expectation of privacy (in current law). If someone follows you on public roads, in public venues then you don't have privacy. If someone follows you onto private property then that is crossing a line.
Let's say, hypothetically, the PI was directed to uncover "dirt" on "Sarah" … well, members of parliament are well known to maintain their own "dirt files", even on their own members of parliament ("keep your friends close and your enemies closer") … so I don't think you will see much action by politicians to make it more difficult to do this lawfully.
The $64 question … will it be fooled by an image of the legitimate user of the phone? For example, does it have liveness detection?
Already on a smartphone near you (the researchers estimate 37% of all smartphones), a vulnerable sound processor that could enable a malicious actor to record everything your phone hears.
There will likely never be a security update for a notable number of older devices that vendors no longer support.
That right there is the real problem.
General comment: This is a hot area of security research. The interface between the operating system and various ancillary processors, or the implementation on the ancillary processor itself, is often quick and dirty, either not having any validation at all or having faulty validation. At the same time, mobile phones are growing more and more ancillary processors. I expect many more bugs that are similar to the ones discussed in that article.
Looks like we are being softened up for a further extension of the surveillance state: Theo Hayez coronial inquest hears of legislative gaps and barriers to accessing data - ABC News
Pedos and terrorists have been mostly mined out so now we are onto missing persons. Hence extension to surveillance in the absence even of the suspicion of crime.
Mozilla are working on further improvement to the sandboxing they use in Firefox. This should help alleviate cross contamination and identity theft from malicious code and websites into sensitive sites we use such as our Banking ones.
Mozilla have an article on the changes that might interest us all.
WebAssembly and Back Again: Fine-Grained Sandboxing in Firefox 95 - Mozilla Hacks - the Web developer blog
Malwarebytes blog has released a bit of interesting detail about what the FBI can get from encrypted messaging apps that many of us use. If the FBI can get it, it seems that most other Law Enforcement or Security Organisations of Govt would have similar access or lack of access.
From the details provided two of the most secure appear to be Signal and Telegram, but others also provide very limited information to authorities.
It ends by stating:
If there is one thing clear from the information in this document it's that most, if not all, of your messages are safe from prying eyes in these apps, unless you're using WeChat in China.
I would say that's more than a little optimistic. There is a lot of metadata leaking from some of the apps, and a lot of reliance on the app developers. What's metadata? Data that describes data (e.g. date and time of message, sender and recipient, length…), which in many cases is more valuable than the data itself.
I would not trust Telegram if I am in Russia (developer home country) or the Middle East (current headquarters). Obviously WeChat is a no-no. Anything that passes information to iCloud is potentially leaky, and I wouldn't trust a service I have not heard of (Line). Signal looks like the best bet for protecting both data and metadata.
We use Line and have done so for a number of years. It is widely used in Eastern Asia…and one of its purposes is to prevent prying eyes/ears from their big neighbour. It also is within the top 5 as far as user numbers. It was one of the first to introduce true end to end encryption.
We use it in preference to other popular ones which in the past have been data miners, but now claim to no longer serve such purposes.
This may be an introduction to our own telcos scraping for that last penny… From Verizon in the USA with a marketing department that deserves a gong for making intrusion that defaults to opt-out look like a bonus. The spin deserves recognition - they could be pollies-in-the-making. Summary: We will safeguard your information by using it ourselves. Such a great opportunity for their customers!
Introducing Verizon Custom Experience.
It's your experience, tailored to your interests.
Hi [Customer Name],
At Verizon, we believe being America's most reliable network comes with a responsibility to safeguard and protect your information. Your privacy is important to us, and we want to let you know about a new choice you have regarding how we use your information.
We'd like to introduce Verizon Custom Experience, a program designed to provide you more personalized experiences with Verizon. You will be part of Custom Experience unless you opt out.
How it works
The program uses information about websites you visit and apps you use on your mobile device to help us better understand your interests. This helps us personalize our communications with you, give you more relevant product and service recommendations, and develop plans, services and offers that are more appealing to you.
To be very clear, this information is used only by Verizon; we do not sell this information to others for them to use for their own advertising.
You're in control
Your line will be included in the Custom Experience program in 30 days unless you opt-out by using your privacy preferences [hotlinked] on the My Verizon site or My Verizon app. You can view and change your choices at any time.
…yet.
Doesn't work so well for the ISP if you use another, encrypted DNS lookup service.
And now this.
The proposal is to require adults to turn over "proof" such as credit card or passport details to access some sites. That will go well on the first hack, surely it will.
They could use a system similar to that used for verification processes by many organisations in Australia, where details arenât recorded by the third party site. The verification is through a query direct to the data holder (e.g. tax office, immigration dept etc) and the third party site only receives confirmations.
That could go smashingly well considering all the governments (and others) that might need to sign up to it. Not considering "I did not keep your details, really I didn't" issues as the scammers gain something akin to a trusted similarity for even asking.
In Australia they already do from State Governments (driver licences etc) and the Commonwealth (passports, Medicare, ATO, banking details etc). It is becoming more common for government agencies, financial institutions and others to require (automatic) online verification with direct inquiries. See…
The risk isn't hacking, but phishing. If it becomes mandatory, account holders will be expecting the verification requirement for social or other online accounts…and scammers/criminal gangs will exploit the opportunity to catch new victims. It will be easy for a scammer to replicate a legitimate verification page to harvest details - like those that already exist for phishing sites.
This is something the UK government has been pushing for several years.
I see CHOICE Community censorship is alive and well. Had the website not used a hyphen the word would have shown just fine.
So - maintain a central database that can be checked and that provides privacy in relation to the website by simply issuing a single-use identifier for someone who is old enough to be using the website. What could possibly go wrong?
- The central database is hacked. Unlikely.
- The central database is misused. "Of course we emailed your mother when you attempted to enrol at the xxx website, because you are under age". Alternatively, "this person from the opposition who is campaigning on family values is registered at seven different websites according to our databases". First is unlikely, because the under-age user would not be in the database. Second is totally improbable because we all know that we can trust the government not to give out personal information for political gain. /sarcasm
- Phishing (as already mentioned by @phb), seeking "to confirm that you registered for our website. If you do not respond we will have to confirm your details with the central database as they currently do not match its records". Pretty much inevitable.
- People who want to access porn and do not want to be in a government database use a VPN to say that they're actually connecting from Iran or some other more freedom-loving country. Highly likely, and a big problem.
There are a lot of "free" VPNs out there, and the reason they do not charge you is because you are the product. Of course, educating teenagers on Internet safety is a chore in itself, and the fact is that at some point they are almost certain to go looking for whatever they cannot access - this is called human nature. Can't pay for it because you are a teen who can't get a credit card, or because you can't afford it? Use the free stuff, and all your base are belong to us.
There are undoubtedly many other ways this plan could go wrong, and hopefully it will be killed off once again.
So you want to share your porn viewing habits with the tax office?
There are technical solutions to this problem but it is doubtful that the Australian government is interested because those solutions don't align with their surveillance agenda. In other words, the Australian government wants to inject itself into your life to a greater extent.
Privacy International's May 2022 report titled "Personal data and competition: Mapping perspectives, identifying challenges and enhancing engagement for competition regulators and civil society" can be found at the following link:
Personal Data and Competition May 2022 EN.pdf (privacyinternational.org)
@BrendanMays CHOICE may be interested in this.