We live in a totally connected world, where our personal data are increasingly controlled by large technology corporations and where maintaining our privacy as users and individuals is becoming more complicated.
You might think that using a VPN with a conventional browser, Tor or the operating system TAILS we can give corner to those who are dedicated to watch over us. These entities can range from Google, through advertising companies and even government agencies.
Well, none of these measures guarantees anything. No secure system has been designed that is capable of counteracting some particularly ingenious monitoring methods.
No matter how hard we try to protect ourselves. Technology advances by leaps and bounds, which means that we are increasingly reduced to numbers. And what is worse, numbers that are traded and analyzed to know from our eating habits, passing through the music we hear or the movies and series that we consume.
In this article we are going to review a few ingenious ways of collecting data that are passed through the triumph arch of user consent. Let no one say that we have not warned.
Android backups
When an Android device connects to a WiFi network Google stores the password in clear text on its servers, which it uses to upload backups from our device according to a report released by the EFF in 2013.
The worst part is that any government organization could access the Google servers (which by the way is part of the PRISM program). With access to their servers they can know the key of any domestic wireless network and collect and modify any unencrypted traffic passing through it.
You might think that with WPA2 encryption there would be no problem, but the question worth bearing in mind is that it only affects the password and this is saved in plain text. As long as you do not allow Android to back up your device to the cloud, there is no problem.
Steganography in printed documents
We continue with reports signed by the Electronic Frontier Foundation. In 2015 the EFF issued a statement according to which color laser printers include “tracking points” in the form of small yellow dots that act as a kind of encryption.
These points can be decoded for information such as the date of print or the serial number of the printer, as well as any other useful information that can identify the origin of the document. In this way it is easier to locate their origin to the authorities through computer forensics.
This technique is called steganography, used to hide data or messages in files, documents or images . These tracking points are not visible to the naked eye, but it is necessary to use a dark room and an ultraviolet light to view them.
Stingrays or “that van has been parked there too long”
A stingray is a spy tool targeted at mobile phones that allows attackers to track and save locations, intercept Internet traffic and phone calls, install malware on those phones, send fake messages, and execute man-in-the-middle attacks.
They function by pretending to be the legitimate owner of a mobile repeater, then “fooling” all nearby mobiles to connect to their decoy repeater. With these devices you can make telephone calls to millions of people.
Apart from using encryption messaging with point- to-point encryption (a group recently joined by WhatsApp), there is not much more that can be done to counter these threats.
Car License Plate Readers
In the United States these devices are incorporated into the boot of police cars. These are two or three cameras pointed at an angle where they can perfectly frame the license plates of any vehicle, parked or in motion, with which they are.
Car license plate readers can capture up to 1,800 in a minute on vehicles that go up to 240 kilometers per hour. The data they collect is stored in a database, which the police use internally.
If any agent performs a search with a certain number plate you will encounter all the times that vehicle has been seen , which means that you can know where you were going, how often you go to a certain place, the time To which usually goes and even if it took to some passenger and how many.
RFID chips on driver’s licenses and passports
In the United States these chips are incorporated into the cited documents to easily verify a person’s credentials . The idea is to bring it closer to a machine that will read the information and collate it with a government database that will verify that the person is who he claims to be.
In 2009, security researcher Chris Paget demonstrated that RFID technology can be a threat as published in Hackaday. With a device that cost $ 250 in materials, managed to clone two passports without their owners to know in just 20 minutes.
US Customs Agents They want to read your Facebook
The United States proposed a few months ago that people arriving in the country from abroad guaranteed access to their social networks to immigration agents. The text read as follows:
Collecting data from social networks will improve the current investigative process and will give the Department of Homeland Security clarity and visibility to detect possible criminal activity by offering a set of tools that analysts and researchers can use to gain a better understanding of the case.
If for some reason you refuse to provide such information you may be deported or denied entry to the country. On the other hand, facilitating access to your social networks means that you can read your private conversations. No one guarantees that the monitoring of your activity will not continue afterwards.
Location tracking using your mobile’s MAC
This also has to do with airports. If having to guarantee access to your social networks to immigration agents was bad enough, with this technique you can monitor any traveler by capturing the MAC of your mobile phone.
This requires the user to connect to the WiFi network of the airport, as leaked by Edward Snowden when the PRISM scandal broke. Once the MAC is obtained, you can always know where a user is crossing their connections in different public places.
Your car can also filter your sensitive data
Currently the world of motoring for the street moves towards a model of “smart” cars, with Bluetooth, WiFi 4G and virtually any invention available to connect the mobile phone from the driver to the vehicle.
If you have one of these current cars and have used their technologies then it is likely that your phone contacts, the address of your house and the last sites you have gone are stored in it. If by chance someone steals your car you can access the list of your contacts and your addresses.
The Smart TV of your house listens to you
In February of 2015, it was learned that Samsung Smart TV was listening to users through its voice recognition app , developed by third parties. Data collected through this system were stored on the Korean manufacturer’s servers and then sent to other interested parties, including various advertising agencies.
It should be made clear that this is not a rumor. Samsung says it clearly in its privacy policy:
Please note that if your words include personal or sensitive information, that information will be between the data captured and transmitted to a third party.
Those debates around the TV watching anything? If it is a Samsung Smart TV better not think it. You never know who might be listening, and with current Spanish legislation, do not risk it …
Windows 10, that siphon of personal data
After the EFF accused Microsoft of violating user privacy and the amount of questions that the Redmond company has had to answer for it, the truth is that Windows 10 has continued to grow. No one has seemed to care much.
To begin with, if when you install the operating system you configure it with an Outlook account all your personal files and generated documents are saved in OneDrive by default unless you specify otherwise. According to the EFF did not respect the privacy or freedom of choice of the user in this regard, nor to make the devices that run the Home version update themselves without asking the user if he wants to do it or not.
On the other hand, Windows 10 stores all kinds of information about you from the moment you install it and keeps the Cortana wizard in always on mode . The best thing you can do is to deactivate all the features that involve data collection. For this you can use a very useful tool called Fix Windows 10 Privacy.
Google Allo, your talks to the naked
Using Google Allo is the equivalent of going for a walk without clothes. In other words, everyone can see everything. Google has promised major advances in privacy with its personal alternative to WhatsApp, but ultimately failed to meet its users and said that only encrypted messages in incognito.
To make matters worse, conversations are stored on Google’s servers until the user deletes them. On their servers. In plain text. No one else sees the bug? To this we add that the Great G is part of the PRISM program and it is very easy to understand why Edward Snowden so vehemently advised against using this app.
As you can check to maintain privacy today is an almost impossible dream. The anonymity on the web has long been a better life, and despite the efforts of activists and cypherpunks to try to maintain it, maybe it’s time to give up and take over.