German law enforcement agencies have been "pinging" mobile phones ... [and] they can be used to locate the cell towers through which the pings traveled. And thus, can be used to track the mobile targeted.
More and more companies seem to be forced/coerced into implementing backdoors into their chips, components, software.
While the government will obviously claim it is for the good of its citizens, it would be nice if companies would be transparent about the matter. Maybe not shown to the average consumer, but one should be able to get a report detailing the hidden functionality that something has.
By using the device/whatever I would know that I could be monitored, but at least it would be a conscious decision on my behalf. I wouldn't be at all surprised if in 5 years everything I owned was reporting my actions back to some government center.
SMS is unbelievably insecure. I am a rank amateur but I have done things with SMS that should not be possible. I have emailed all the networks to explain the problem but none of them have responded.
Recently in Germany many banks introduced a new "security" feature that allows you to receive your TANs per SMS in order to do online transactions. The TANs are sent in plain text.
All you need is a UMTS receiver and a way to analyze the data, e.g., a software-defined radio implemented on an FPGA.
Isn't this more secure than having nothing?
There is a large additional cost to the wrongdoers in that they have to get close to you (even if they know your home address, how do they know you and your phone are home). Seems like a deterrent when you could be running credit card phishing sites for less work per victim.
And you would still get the intercepted text, the ones I get from my bank in Australia suggest if you didn't request the token to contact them immediately.
My bank (Landesbank BW) gives you hardware (looking a little like a calculator) where you for example type in the bank-number of a person to whom you send money and then it'll calculate some PIN for that action.
We had both (both the original TAN list where every number could be used just once and invalidated all previous numbers on the list and the iTan system).
I prefer the token thingy my bank gave me. Insert your direct debit card, enter two numbers from the screen (usually corresponding to your transaction in some way, to confirm _again_ that you're really trying to send money to account X) and generate the TAN. Done.
Also note that these silent SMSs can also help with cracking A5/1, the broken GSM encryption algorithm. I think this attack was demonstrated at a previous CCC.
I'm surprised this police tactics are still now widely known outside of Germany. But seeing the included GPS chips in smartphones & tablets makes me believe that this is even easier & more precise these days for other "institutions" and Online-Targeting companies without publishing this.
But maybe there is also hope with smartphones, you could start effective "Gegenmaßnahmen" (counter-measures) by routing your calls via vpn,voip and anonymous throw-away calling cards - to cover at least your location. But don't forget to disable the "location based serives" and install an outbound firewall then ;-)
Why? Google is some outside entity from another country. Do you find it hilarious that I discipline my kids but it would probably result in a physical altercation if someone else whom I didn't place in authority (explicitly or implicitly like the schools) did?
Granted, I wouldn't want to be live under a government that thought of me as "belonging" to them [1] but their stance here isn't remotely hypocritical.
[1] The US government does as well though. The US is the only country in the world where you if you sell everything you have in the US and move away to a new life they still expect you to pay them taxes on what you earn in the new country.
Google is harmless compared to the power nation states have. It’s just wrong to focus your effort on companies and not states. What politicians try to do is make privacy all about companies and not the state and that is, honestly, disgusting. All their gushing about Facebook and Google only serves to hide their own failings.
It's both. Google gets (ab)used by the US government at least; here is a high-profile case, where they fought the secrecy: https://news.ycombinator.com/item?id=3096888. Governments are asking for warrantless wiretapping, and the centralisation of data by large corporations where the user doesn't control it is too tempting a target (see the AT&T/NSA retroactive immunity scandal for another example).
I disagree. The bigger the company gets the more influence it is likely to have on one or more states. Both corporations and governments are dangerous and should not be trusted with privileged information.
I'm very wary of this sort of tracking, and I do take it seriously... but I just want to point out that this number could make the tracking sound more widespread than it actually is.
The article implies that certain targets are pinged continually in order to establish their patterns. Pinging somebody once per minute for an entire day would come out to 1,440 messages.
Not saying the number is or isn't inflated, just pointing out that they could potentially have tracked a very small number of people for a while.
This is an honest question: why are people so concern about privacy when it comes to their government? What is the issue with the gov listening to my phone calls if I am not doing anything illegal?
Note: I was once followed by the FBI because they were following someone I was spending a lot of time with. I ended being asked for a coffee by the agent. I was not worried because I had nothing to hide.
Please send all your correspondence (paper, email, phone) through me, so that I can read it and then pass it on.
Now what's the difference between me and the government? In this case, nothing, because neither one of us has any legitimate interest in what you say or do, short of suspicion of a crime.
A better argument might be that you should always want to minimize contact with any government, because they have power over you and they make mistakes. The costs to you for a mistake could be huge: imprisonment, loss of time, loss of money, loss of reputation. All for a mistake.
Never touch the government unless absolutely necessary.
For me it's mostly because serious power abuse is coming in many cases from governments. A government is never just an impartial entity but always consists of people with subjective motives. States abusing the power they have when they can invade the privacy of their citizens is just way more common than states falling into anarchy because of insufficient control over it's citizens.
Also people often do things which might be illegal although the moral legitimation for making those actions illegal is at least very questionable. Think about stuff like abortion laws (legal now in Germany, but was illegal not so long ago - so with the same tech states could have checked who visits abortion clinics), certain drug laws (many weak drugs are still illegal in Germany), laws about censorship (especially youth-protection is occasionally very strange in Germany), etc.
There are many legitimate reasons why this is a problem. I'll briefly list a few but there are many more. One is that the government workers who listen to your phone calls can use that information against you, for example if they are a business competitor. They also can create laws which target you specifically that you don't know about or can't avoid breaking. Because they make the laws, there is no recourse against anything that they do with that information.
I'm so glad Germany already went through the Third Reich period back when tech was just beginning. (Not that it can't happen again, but we do try to learn from history.)
Recent news make me believe that there has been no lesson learned from
anything. Right-wing terrorists sponsored by the Verfassungsschutz,
Bundestrojaner, police violence, and Voratsdatenspeicherung. And most
of the population does not even care about any of this. The only thing
that people seem to have learned is how to hide aspirations to power
and control behind some thin veil of democracy.
(Would link you to it directly but the site appears down; the search results may find a mirror, but watch out for links that are essays about the paper rather than the paper itself.)
That is just so scary. I am watching the video this blog-post was based on here: http://www.youtube.com/watch?v=YWdHSJsEOck&feature=youtu...