Dec 23
2024

Government GPS Tracking is Coming

Posted on December 23, 2024 by Cloak Meister

We know this what governments do – they find a legitimate excuse to mess with your life, but it seems trivial and we accept it. And they expand its boundaries, in little increments.

Most major cities have traffic congestion problems.

Singapore’s Land Transport Authority (LTA) estimated last week that by tracking all vehicles with GPS it will be able to increase road capacity by 20,000 over the next few years. (The Register)

Yep, no need to worry, it is just for traffic purposes!

Next up the police will seek to use it in rare cases of bank robberies or kidnaps. And then it will incrementally go wider and wider until the nation just accepts their every move is tracked – but if you never do anything wrong you have nothing to be afraid of!

Meanwhile in Australia some domestic violence offenders are having their GPS tracked. Perfectly reasonable!

Meanwhile in the US, LexisNexis has the data from GM vehicles.

Upon Mr. Dahl’s request, LexisNexis sent him a 258-page “consumer disclosure report,” which it must provide per the Fair Credit Reporting Act.

What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations.

Posted in Government Surveillance | Leave a comment
Dec 23
2024

Israeli VPNs might be spying on you

Posted on December 23, 2024 by Cloak Meister

Kape Technologies owns ExpressVPN, CyberGhost, Private Internet Access, ZenMate, Intego Antivirus.

ExpressVPN has 4 million uers.

Its owner is an Israeli billionaire called Teddy Sagi, who went to prison for fraud in his younger years. So far no dots to join…

Sagi initially made his fortune from his gambling software company Playtech. Here’s where it gets interesting. His companies tend to be setup where they can be safe, like Estonia. And Kape’s first main products were tools to enable adware in browsers (malware that displays ads, or pretends to show them, to rip off advertisers).

So it would seem that ethics do not concern him, and he has committed crimes in the past.

Kape has close connections to the Israeli intelligence services.

And Iran tried to assassinate Sagi in Cyprus, so he must be more than a regular businessman.

In September 2021, ExpressVPN CIO Daniel Gericke paid a $335,000 fine for previously carrying out hacking operations on behalf of the U.A.E. (Wikipedia)

Joining the dots, there is at least enough suspicion that those VPN services might be the opposite of the safety and privacy they are meant to offer.

Posted in Government Surveillance, Internet | Leave a comment
Nov 20
2023

Levels of ID

Posted on November 20, 2023 by Cloak Meister

We all know that freedom fighters and sovereign citizens are well against a national ID. So what are the alternatives?

No ID pretty much only works in an anarchistic environment. The reason we have IDs is because they are a necessary component of so many things:

  • tax
  • government benefits
  • licenses (driving and professional)
  • passports
  • proof of age (buy cigarettes or alcohol)
  • law enforcement (who is meant to be in prison, who is a deadbeat dad)

While it is easy to have a “no ID” mantra, it is hard to make the above processes work without one.

Here’s a minor example, duck shooting license. The license exists to stop the duck population being decimated = no more hunting. Hunters understand the need for a license.

If the duck hunting zone was some theme park then you could buy a day ticket, no problem. But it is not an enclosed space, and therefore any mere ticket could be shared by many. So to stop that you need to be able to prove it is yours. No matter which way you wish to do that, it needs some variety of ID.

We don’t want people swapping passes to buy alcohol. We don’t want someone to get out of paying tax by saying that they are the other Joe Bloggs. Other lands won’t accept passports from a state with no IDs. You want no ID, then come up with another way. IDs were born from necessity.

National ID

This is something we can fix. A one-ID for all things might not be necessary.

Keep in mind that private business can make whatever rules or ways they wish, and if the vast majority of people don’t mind showing their driver’s license to rent a video, good luck finding a store without that requirement.

Maybe we can create ID silos?

  • Legal – birth certificate, death certificate, courts, crimes, deadbeat dads, marriage, land ownership
  • Society – driver’s license, recreational licenses, air travel
  • Tax – employment, federal, state and local taxes, and tax benefits like housing, food stamps, pension
  • Obligation – military draft, jury duty, voting
  • Law – punishment and imprisonment, paying fines, deadbeat dads, bankruptcy
  • Being a Customer – video store, gym, car hire, insurance, phone service

Each of these can use their own form of ID, and be mutually exclusive.

  • Legal – birth certificate or citizen certificate
  • Society – driver’s license or equivalent
  • Tax – social security number
  • Obligation – a new number just for this
  • Law – birth certificate or citizen certificate
  • Being a Customer – a new number just for this

Every number can be assigned at birth. Yes, you get your driver’s license at birth, and it becomes operational when you pass the test.

There has to be a way of verifying, and a backup plan, and so a central database that knows everything is inevitable. But it can be enshrined as only for verification (in extreme cases), courts and backup purposes. Never for cross-referencing for any reason.

So, a new born baby gets their birth certificate, their driver number, social security number, obligation number, and customer number. They provide DNA, retina scan and fingerprint to be stored alongside all of those in an uber-secure, offline, non-digital database, that can only be accessed from a public record court order.

Posted in Citizenship, Identification and Personal Data | Leave a comment
Dec 23
2022

Flipper Zero Alert

Posted on December 23, 2022 by Cloak Meister
Flipper Zero

Thanks to some testing done at Wired, we have some expert proof that some things are possible with the trending $200 gadget called Flipper Zero.

Garage remotes and RFID keyless entries and hotel room keys can be cloned and used to get inside. That alone is disturbing and worthy of paying particular attention to such things. Don’t have a garage that has easy access to the rest of the house, or contains valuables. And don’t leave anything worth stealing in your hotel room.

Of course someone needs to be in range to clone it. For a garage, that mostly means someone parked very close by. For a hotel room, unless they are there when you use it, they would also need to know your room number.

Except for older cars, your vehicle is safe because the code keeps changing, they are currently one step ahead of criminals. Likewise, while the Flipper Zero can capture someone’s card number, it won’t get the security code or PIN number.

What is cool is all of the things the device can discover, like that some pet microchips transmit the pet’s body temperature, and WIRED’s office bathroom has a soap dispenser that broadcasts whether it needs a refill.

Posted in Spy Equipment | Leave a comment
Sep 05
2022

Suspect All Apps

Posted on September 5, 2022 by Cloak Meister

Two stories this week:

  • Police have used “Fog Reveal” to search hundreds of billions of records, taken from apps on 250M mobile devices, and it is cheap, just a few thousand per year. The data can create location analyses known among law enforcement as “patterns of life,” and they believe it is legal for them to do so
  • Meanwhile Kochava has been sued for the very same thing, except they provide specifics instead of patterns

Don’t use apps, is the message

Posted in Corporate Surveillance, Government Surveillance | Leave a comment
Aug 09
2022

Invisv Offers Phone Privacy

Posted on August 9, 2022 by Cloak Meister

Android only, and data only – no voice!

Invisv is a clever way of making sure that nobody can associate your phone with its activities. It does this my letting all the users share IMSIs, rotating through them. This is not too different to how VPNs are private, or how people can, for example, share a service using the same subscription (like a library card).

Read all about it at Wired

The thing is, it is not needed. When you use a HotSpot on your main phone, the IMSI data is not used. Couple that with a VPN and a phone with no SIM card, and you can more easily have untraceable online activities – just with the need to carry two phones.

Posted in Avoiding Detection, Identification and Personal Data, Internet | Leave a comment
Jul 22
2022

Untraceable Photos

Posted on July 22, 2022 by Cloak Meister

In case you were unaware, photos can contain metadata that could be used to discover that it was you who took them. In which case, posting them online, no matter how cautiously, could lead back to you – if, of course the pics could cause legal problems.

On your phone:

  • Remove location permissions from the camera app

Otherwise, you can remove the EXIF (Exchangeable Image File Format) data from an existing photo. The combination of the data could be used to prove that it was your phone that took the photo:

  • Camera manufacturer and model.
  • Data and time the photo was taken.
  • Compression type used for the photo.
  • Aperture, shutter speed, and ISO settings.
  • Metering mode.
  • Flash mode.
  • Pixel resolution.

To remove that data, there are apps that can do it, or free online services, or even Windows Explorer can remove EXIF data. Simply search online.

Posted in Identification and Personal Data | Leave a comment
Feb 09
2022

iCloud Private Relay by Apple

Posted on February 9, 2022 by Cloak Meister

iCloud Privacy Relay settings

This is not a replacement for other dedicated services like a VPN, but rather it fills the gaps in regular security – like if you visit an insecure site.

You can switch it on for iPads or iPhones in Settings > Your Name > iCloud.

It is a two-step process via Apple servers:

  1. Changes your IP address as seen by websites (like a VPN)
  2. Looks up DNS servers to fetch the website

That means nobody gets to see who you are and where you are visiting as a combo. Without both together, you have privacy.

You get to choose if the replacement IP address is local or your country. This may affect ads you see, but not much else. Not a problem on secure sites that serve ads, and all respectable sites are secure.

Turn it on, there’s no bad side to this.

NOTE: Still being rolled out and not available in all countries

Posted in Avoiding Detection, Internet | Leave a comment
Dec 25
2021

Community CCTV Networks

Posted on December 25, 2021 by Cloak Meister

Something that citizens can control, and use, as opposed to being surveilled by the government, is their own CCTV cameras.

As we know from Movies/TV, the first thing a cop does at an outdoor crime scene is look for any CCTV cameras nearby, and then ask if they can look at the footage.

Instead of installing Ring and allowing the authorities automatic access, why not self-organise?

At the other extreme, in Western Australia, police ask for people to just let them know if they have a camera, so they can quickly access a database. This is a good way for the authorities to connect, and appears to be popular in the US in individual towns. Even so, the government is in control of the data.

Benefits of a community-operated camera network:

  • The users control everything
  • It can be used for things beyond what the police will investigate
  • Combine it with Neighbourhood Watch, and rapid communication
  • Automated systems can be utilised, like face or license plate tracking (currently illegal in many places, but presumably OK in many lands)
  • Hybrid / manual systems could be created that comply with laws
  • Potential for other uses. Combine it with sensors for weather, and sell the data to a weather app. Count traffic rates for when asking the council for something

Necessary components:

  • It has to work out-of-the-box, which means getting a quality manufacturer on board
  • The rules and ethics need to be perfect
  • The software and network needs to be 100% secure without doubt
  • Checks and balances

Possible scenarios where it could be useful:

  • Tracking the movements of your stolen car
  • Vandalism
  • Mail / parcel theft
  • Deterrent – signs mentioning the networked nature of the cameras
  • Monitoring what the authorities do in your neighbourhood
  • Spotting vehicles (people?) who are new
  • Hoons / street racing
  • And in an extreme case, riots

 

Posted in Citizen Controlled | Leave a comment
Sep 28
2021

ShadowDragon – Social Surveillance

Posted on September 28, 2021 by Cloak Meister

In case you didn’t already know, anything you put online can come back and bite you.

ShadowDragon allows police to suck in data from social media and other internet sources, including Amazon, dating apps, and the dark web, so they can identify persons of interest and map out their networks during investigations. By providing powerful searches of more than 120 different online platforms and a decade’s worth of archives, the company claims to speed up profiling work from months to minutes.
https://theintercept.com/2021/09/21/surveillance-social-media-police-microsoft-shadowdragon-kaseware/

A sample of the sites they trawl:

AOL Lifestream | Amazon | Ameba | Aodle | BabyCenter | BitChute | BlackPlanet | Blogger | Busted! Mugshots | Buzznet | Cocolog | Companies House | Crunchbase | Dailymotion | DeviantArt | Ebay | Etsy | Facebook | Flickr | Foursquare | Gab | GitHub | Goo | Google | Google+ | Gravatar | Hatena | Huffington Post | ICQ | IMVU | ImageShack | Imgur | Instagram | Instructables | Jugem | Kik |LinkedIn | LiveJournal | Livedoor | Mail.ru | Menuism | MeWe | MySpace | Naijapals | Netlog | OK Cupid | Okru | Olipro Company | Pandora | Pastebin | PayPal | PGP | Photobucket | Pinterest | Plurk | POF | PornHub | QQ | Reddit | ReverbNation | Seesaa | Skype | SoundCloud | SourceForge | Spotify | Sprashivai | Steam | Sudani | Telegram | Tinder | TripAdvisor | Tumblr | Uplike | Vimeo | Vine | Virus Total | VK | Voat | Weibo | Xing | Yahoo | Yelp | YouTube | Zillow

The full details are irrelevant – the takeaway is that authorities (or, well, anyone) doesn’t need to put manual effort into this. They can just hit F12 and get everything on you.

Posted in Corporate Surveillance | Leave a comment