As Always, Be *Extremely* Cautious About Installing Browser Extensions

Browser extensions are fraught with danger — which is why I rarely use them — especially those extensions that request your permission to:

  • Access your data for all websites
  • Access browser tabs
  • Access recently closed tabs
  • Read and modify bookmarks
  • Download files and read and modify the browser’s download history
  • Input data to the clipboard
  • Display notifications to you
  • Read and modify browser settings.

I mean…seriously!?! There is not a snowball’s-chance-in-Hell that I would ever give permission to a browser extension to rummage around in my browser and change things, possibly add malware code into my computer or device’s memory (i.e., the clipboard), as well as essentially look over my shoulder while I use that browser!
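Each prompt in the list above corresponds to an entry in the extension's manifest.json, so an extension can be checked before it is installed. The following is an added example, not code from any browser vendor or from the articles cited here: the permission names are the standard WebExtensions names, while `auditManifest`, `coversAllSites` and the sample manifest are constructed for illustration.

```javascript
// Added example: report which of the install prompts listed above a
// manifest.json would trigger. Function names and sample data are illustrative.

const ALL_SITES = "Access your data for all websites";

// WebExtensions API permission -> prompt wording from the list above.
const PROMPTS = {
  tabs: "Access browser tabs",
  sessions: "Access recently closed tabs",
  bookmarks: "Read and modify bookmarks",
  downloads: "Download files and read and modify the browser’s download history",
  clipboardWrite: "Input data to the clipboard",
  notifications: "Display notifications to you",
  browserSettings: "Read and modify browser settings",
};

// Same order as the list above, so reports read the same way.
const ORDER = [ALL_SITES, ...Object.values(PROMPTS)];

// A match pattern reaches every site when it is "<all_urls>" or when its
// host part is a bare "*" (for example "*://*/*" or "http://*/*").
// "https://*.example.com/*" and "file:///*" do not qualify.
function coversAllSites(pattern) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp):\/\/([^/]+)\/.*$/.exec(pattern);
  return m !== null && m[2] === "*";
}

function auditManifest(manifest) {
  const required = new Set();
  const optional = new Set();

  const collect = (entries, into) => {
    for (const entry of Array.isArray(entries) ? entries : []) {
      if (typeof entry !== "string") continue;
      if (entry === "<all_urls>" || entry.includes("://")) {
        // Host permission (Manifest V2 mixes these into "permissions").
        if (coversAllSites(entry)) into.add(ALL_SITES);
      } else if (Object.prototype.hasOwnProperty.call(PROMPTS, entry)) {
        into.add(PROMPTS[entry]);
      }
    }
  };

  collect(manifest.permissions, required);
  collect(manifest.host_permissions, required); // Manifest V3
  // Content scripts get site access through their match patterns too.
  const scripts = Array.isArray(manifest.content_scripts)
    ? manifest.content_scripts
    : [];
  for (const script of scripts) collect(script.matches, required);

  // Optional permissions are not granted at install time, but the
  // extension can ask for them later, so they are reported separately.
  collect(manifest.optional_permissions, optional);
  collect(manifest.optional_host_permissions, optional); // Manifest V3

  const inOrder = (set) => ORDER.filter((prompt) => set.has(prompt));
  return {
    required: inOrder(required),
    optional: inOrder(optional).filter((prompt) => !required.has(prompt)),
  };
}

// Constructed sample manifest for a hypothetical page-capture extension.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "Example Page Capture (constructed sample)",
  permissions: ["tabs", "downloads", "storage", "https://api.example.com/*"],
  content_scripts: [{ matches: ["*://*/*"], js: ["capture.js"] }],
  optional_permissions: ["clipboardWrite", "tabs", "<all_urls>"],
};

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```

Note that the all-websites prompt in the sample comes from the content script's match pattern, not from the `permissions` array, which is why the audit reads both.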


As you may have already guessed, I’ve been wary of browser extensions for a long time. I wrote about how dangerous browser extensions are back in 2011: Why We Need a Google Condom for Chrome Extensions and again in 2017: Why Browser Extensions Are Dangerous but there are an increasing number of security experts now recommending caution on your use of browser extensions. One such expert is the cyber investigator Brian Krebs who writes the excellent Krebs on Security blog. His latest post was just published on March 3, 2020 and gives great advice and reasoning behind limiting the browser extensions you install: The Case for Limiting Your Browser Extensions.

Add to that my specific intention to limit (or completely stop) tracking as best I can — which is why I’ve moved from Google’s Chrome to Firefox as my default browser — and I am not just concerned about malware and rogue extensions, I’m more concerned about third-party trackers and the companies that enable them to flourish to our detriment.

A CRACKDOWN ON EXTENSIONS

Fortunately there is a move by major browser companies (i.e., Google with Chrome and Mozilla with Firefox) to crack down on rogue and dangerous extensions. Ars Technica had this article published January 30, 2020: More than 200 browser extensions ejected from Firefox and Chrome stores:

The crackdowns highlight a problem that has existed for years with extensions available from both Mozilla and Google. While the vast majority are safe, a small but statistically significant sample engage in click fraud, steal user credentials and install currency miners, and spy on end users—in at least one case, millions of users, some of whom were inside large companies and other data-sensitive networks.

WHAT IF THE EXTENSION IS FROM A TRUSTED COMPANY?

Even trusted companies can give you a useful browser extension but you need to decide if you’re willing to make tracking you easier. For example, there is a long-time webpage capture browser extension which boasts “millions of users” and comes from a trusted company, Nimbus Web. Though I routinely need to capture long web pages, I would never install their extension and instead I capture page sections manually. Why wouldn’t I just install Nimbus Web’s extension? Because of the following from their privacy policy which allows them to collect and use our user data from the installed extension, combine it or leverage aggregator’s data, and facilitate advertising to us:

“When you use the Websites or Products, we automatically gather information made available by your web browser (such as Microsoft Edge or Google Chrome), Internet service provider (such as Comcast or Time Warner), and device (such as your computer, phone, or tablet), depending on your settings for each. For example, we may collect your IP address, information about the operating system or type of device you use, the date and time you access the Websites or Products, and the location of your device.

Generally, the information addressed under this section is anonymous and does not, standing alone, directly identify you; however, it could possibly identify you when associated with other information. For example, if a third party were to see your IP address, they would not automatically know your name—yet your name could be associated with your IP address by your Internet service provider if you are the named accountholder.

You could argue that the above is boilerplate and all organizations do some form of this type of data aggregation. But when that data has specific intents like the following, it shows how they intend to use your data AND allow it to be shared by third parties:

To Advertise to You. We also use Cookies and web beacons, including those placed by Third Parties, to deliver advertising that may be of interest to you. For example, we use the Facebook web beacon to better target and retarget users and potential users of the Websites by advertising to them on Facebook. Twitter, Google Analytics, Google Adwords, and other Third Party Cookies may also be used in our advertising endeavors. We may also use a web beacon in email messages sent to track your response. Cookies and web beacons also help us and our Third-Party advertising partners ensure you do not see the same advertisements over and over and to identify and block unwanted ads.”

What about Third Party practices? 

Third Party Cookies and Web Beacons: Advertising agencies, advertising networks, and other companies (together, “Third Parties”) who place advertisements on the Websites and on the Internet generally may use their own cookies, web beacons, and other technology to collect information about individuals. Except as expressly provided herein, we do not control Third Parties’ use of such technology and we have no responsibility for the use of such technology to gather information about individuals. It is up to you to familiarize yourself with the privacy practices of such Third Parties.”

Remember this quote when something like this useful extension is free, “You are not the customer. You are the product.”

WHAT EXTENSIONS CAN YOU SAFELY INSTALL?

In my main browser Firefox, I have only one extension installed: the Electronic Frontier Foundation’s (EFF) Privacy Badger. EFF describes Privacy Badger as:

…a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it’s like you suddenly disappeared.

Though Firefox’s new privacy and anti-tracking capabilities are excellent, Privacy Badger completes the capability I seek to make tracking and surveillance even harder for the hundreds of third-party trackers out there. Firefox’s creation organization, Mozilla, also has a rigorous vetting process for extensions and has a short list of verified extensions that do not violate their Recommended Extensions program guidelines.

Here is the best article from Mozilla that I’ve seen yet on how to determine whether or not a browser extension is worthy of (and safe to) install, but if you already know these tips (or have read Brian Krebs’ article above), at least pay attention to wise advice like this from Dan Goodin, the writer of the previously linked-to article from Ars Technica:

“There’s no sure-fire way to know if an extension is safe. One general rule is that there’s safety in numbers. An app with millions of installs is likely to receive more scrutiny from researchers than one with only a few thousand. Another guideline: apps from known developers are less likely to engage in malicious or abusive behavior. The best rule is to install extensions only when they truly provide value. Installed extensions that are used rarely or not at all should always be removed.”

*Any* Backdoor into Encrypted Devices Will Not Work!

UPDATE July 23, 2019

February 14, 2019: President Trump congratulates his new Attorney General, William Barr

TechCrunch reported today that US attorney general William Barr says Americans should accept security risks of encryption backdoors and this idea is a very, very bad one. There is NO FUCKING WAY that I will allow my devices to have a backdoor in them … ever … and please note: this is NOT about me maintaining my social media, email or chat privacy. This is about protecting MY data and MY personal and client accounts.

If the U.S. Department of Homeland Security, Medicaid, Army, Office of Personnel Management, Department of Defense — and companies with their business and reputations at stake — can’t keep hackers out of their systems, how will the government protect a backdoor?

Check out this list of breaches on Wikipedia which starts out with this in the opening paragraphs, and scroll down to see how many companies and governmental organizations have been breached:

It is estimated that in the first half of 2018 alone, about 4.5 billion records were exposed as a result of data breaches. In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.

If a backdoor is legislated to be put in our smartphones, tablets and computers, I can absolutely guarantee that it will get out into “the wild” and be used by blackhat hackers, regardless of what NON-TECHIES like Barr and Trump spout off about in rallies or articles.

Like CGPGrey has said, “There’s no way to build a digital lock that only angels can open and demons cannot. Anyone saying otherwise is either ignorant of the mathematics or less of an angel than they appear.” I submit that most leaders are not only ignorant of both the math and why it is not technically feasible to put a backdoor into encryption, they only care that we can keep governmental (and hacker!) prying eyes out of our most sensitive information.

One glance at my iPhone shows that there are numerous apps that could destroy me financially and potentially provide access to my LastPass password manager … allowing subsequent access to nearly 2,000 passwords for clients and every website I’ve signed in to in the past. For example these apps being compromised:

  • Charles Schwab with access to my entire portfolio
  • Wells Fargo with access to my wife and my accounts
  • My Bitcoin wallet
  • My Apple Wallet with multiple credit cards and Apple Store cards with money in them
  • Signal communication app — which protects our communications when my wife, kids or myself are traveling overseas
  • My LastPass app with connections to my password vault…
  • …and too many more.

I could go on and on but let me have John Oliver amusingly inform you about the realities of having the government put a backdoor in and defeat encryption:

Tracking Companies Are The Real Threat To Our Privacy And Congress Is Doing Nothing About These Secondary Surveillance Networks

Congressional “theater” is happening right now and our ‘Congress Critters’ are all seemingly outraged at the privacy violations by Facebook, Google, and all the other tech companies we all use every day. Some even want to break them up as do various Democratic presidential candidates.

But I’d like you to notice that there is not a *peep* from any of them about all the other tracking companies out there, especially ones like Palantir.

Those tracking or “secondary surveillance network” companies are the REAL privacy threats. Literally everything you do digitally is tracked including:

  • Buying anything either online or offline as your credit card data can be purchased by tracking companies and combined with other data
  • Emailing and texting metadata is captured (the content is protected as a warrant is needed to search within an email)
  • Moving around with your smartphone in your pocket provides tracking data of your movements
  • Everything you do (or your devices do automatically) through your internet service provider is tracked now that net neutrality is dead (ISPs can sell your data)
  • Everywhere your face is “recognized” by a camera connected to an increasing number of systems without any regulation since your public persona can be photographed
  • And much more.

Want to See How Bad It Is?

Palantir is one company that has always scared the beejeezus out of me as I’ve personally analyzed this completely opaque and secretive organization. But it wasn’t until I read this article, Revealed: This Is Palantir’s Top-Secret User Manual for Cops, that I said HOLY SHIT THIS IS BAD!

Turns out Motherboard obtained this Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals and their system goes far beyond what I ever imagined as a worst-case scenario:

“Palantir is one of the most significant and secretive companies in big data analysis. The company acts as an information management service for Immigrations and Customs Enforcement, corporations like JP Morgan and Airbus, and dozens of other local, state, and federal agencies. It’s been described by scholars as a “secondary surveillance network,” since it extensively catalogs and maps interpersonal relationships between individuals, even those who aren’t suspected of a crime.”

In addition, this article, 300 Californian Cities Secretly Have Access to Palantir, shows how hard various law enforcement and other agencies are hiding the fact that they even use Palantir:

Motherboard obtained documents via public record requests which reveal that the scope of Palantir’s influence in California is significantly larger than previously documented. Payment records indicate that between January 2012 and March 2017, about three hundred cities, collectively home to about 7.9 million people, had access to Palantir’s Gotham service through the Northern California Regional Intelligence Center (NCRIC), which is run through the Department of Homeland Security.

Why use Palantir’s Gotham service instead of licensing the software outright?

Gotham is one of Palantir’s two services, and the other service is Palantir Foundry. These 300 police departments could request data from Palantir, and an NCRIC agent would retrieve this data and provide it to local police. Per this arrangement, none of these departments have to disclose the fact that they have access to Palantir.

Read these articles and go scan the manual and you’ll see that it is trivial for any user of their system — whether directly with Palantir or one of their “service” companies — to obtain a HUGE ARRAY OF PERSONAL DATA on any one of us!

Again, notice how Palantir is not even in the conversation any Congress Critters or presidential candidates are having? Also, where is the mainstream media in all of this?

These secondary surveillance network/tracking companies are already out of control. Congress must act now but they won’t unless you tell them to do so and vote accordingly going forward.

Want to know more and/or take action like I have?

Ask your Congressperson and Senators to pay attention to and regulate these tracking/secondary surveillance network companies:

Watch the Net Neutrality Senate Livestream on June 11th

Since I care (as we all should) about privacy, security, government surveillance, third-party trackers, and all the other downsides that have already happened to this thing we love called the internet, WE ALL need to stand up and make our voices heard about the recent bill passage to gut net neutrality. That's why I just donated (and have continued to donate) to the Fight for the Future cause and will be watching the livestream next Tuesday, June 11th, to see what is happening and to leverage social media to bring attention to it.

What’s happening?

One year ago, Big Cable’s dream came true: they killed net neutrality, giving ISPs like Comcast, Verizon, and AT&T control over what we see and do online. Millions of people demanded that Congress restore net neutrality. In response, the House of Representatives passed the landmark Save the Internet Act. But Senate Majority Leader Mitch McConnell — who has taken over $1 million in campaign donations from Big Cable — is refusing to allow his branch of Congress to vote on this popular bill. So on June 11th, net neutrality supporters in the Senate will try to force a vote using a procedure called “Unanimous Consent.”

How can you help?

We’re organizing an epic livestream so that millions of everyday people just like you can watch their lawmakers, and hold their lawmakers accountable for their actions … or inaction. Fill out the form above and tell Congress why you support net neutrality. We'll make sure your comment gets hand-delivered to Congress, and we'll be reading our favorite comments during the livestream on June 11th. You can also spread the word on social media to make sure everyone knows what's happening.

Watch the livestream on June 11th

ProtonMail Continues To Be The Safest, Most Secure, and Private Email Provider

Last evening I saw this article link from Steiger Legal, on a blog run by Swiss lawyer Martin Steiger, in which he published a damning allegation that my beloved ProtonMail, the end-to-end encrypted email provider, was:

Email service provider ProtonMail, based in Switzerland, offers assistance for real-time surveillance: Voluntarily!

Steiger goes on to write a factually incorrect article about ProtonMail on his blog, alleging, among other things, that “ProtonMail voluntarily offers assistance for real-time surveillance.”

Fortunately ProtonMail responded with, in part, this clear statement:

So that there can be no ambiguity: ProtonMail does not voluntarily offer assistance as alleged. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, ProtonMail’s end-to-end encryption means we cannot be forced by a court to provide unencrypted message contents.

That’s crystal clear in my view. Just to restate that last sentence, even if a prosecutor was able to scrape metadata about which user emailed another person(s), the contents of the email could not be decrypted by ProtonMail and provided (and a government or intelligence service could not as well without massive computing power and a lot of time!).

Unfortunately I had seen this article but not ProtonMail’s rebuttal before emailing their support and tweeting it to @ProtonMail. They responded to my tweet:

Hi Steve, these allegations are false, and have also been refuted by the Swiss public prosecutor earlier this week. We have responded on our blog here with more details: https://t.co/xdz2xfF4pu

— ProtonMail (@ProtonMail) May 31, 2019

I then responded and apologized for being rash and not investigating fully before tweeting:

Thank you for the clarification! Had not yet read the HN thread nor your post. Should have gone there first … apologies for that.

Note: With all the recent breaches and revelations that mobile apps are “phoning home” with metadata, my paranoia is accelerating. https://t.co/7XAkEEKD8B

— Steve Borsch (@sborsch) May 31, 2019

The “recent breaches” and “phoning home” items I referred to in my reply to ProtonMail were:

  • Washington Post article about how their privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week on the reporter’s iPhone.

Is it any wonder I rushed-to-judgement for a secure email service I rely upon to keep my emails to family and friends — and the PDFs, Word docs, and Excel spreadsheets with vital data in them — secure from prying eyes?

Thank you, ProtonMail team, for helping to keep us safe and secure!

NSA Loses Control of THEIR Hacking Software and Apple’s Tim Cook Was 100% Right

Remember when Apple’s Tim Cook wouldn’t put in a backdoor to iOS so the FBI could gain access to the San Bernardino terrorist’s iPhone? THIS IS WHY!

If the NSA can’t control software as destructive as this, how can any government guarantee a compromised operating system won’t get into the wild? (One guess: they cannot and Tim Cook was 100% right).

Read this article in The New York Times as it tells the story of the NSA’s software loss well.

We must have end-to-end encryption on our devices. Period.

Here is what I believe is the *best* backup solution money can buy

It happened again this morning: A friend reached out to tell me their PC’s 1TB hard drive had crashed and could I help? Of course you guessed it, they did not have it backed up, the drive was toast, and they have either lost everything or could pay close to $2,000 to have the drive recovered!

I have a hard time feeling any sympathy for them, especially since he and I have discussed backup numerous times. I’ve always encouraged him to buy one of the inexpensive backup drives that exist, which makes backing up so simple that anyone can do it, even him. So I’ll implore you to back up just like I did him, but he is serious about it now after it is too late: PLEASE back up all of your systems and, especially, your main PC or Mac. It’s not IF your hard drive will fail, but rather WHEN it will fail.

WHY I DON’T BACKUP TO CHEAP DRIVES
For me, however, a cheap backup drive won’t do it which is why I use the ioSafe G3 drives:

The ioSafe Solo G3 is a fireproof and waterproof external hard drive engineered to keep data safe during fires and floods and to protect it from theft. Designed for optimal reliability, the G3 hard drive is the easiest way to protect your photos, videos, documents and other irreplaceable data.

I’ve written about these drives before here and here and I own two of them. My iMac has a 1TB solid state drive in it and I have one external 3TB ioSafe G3 drive which is nearly full of music, photos, and files. Both my iMac’s drive and my external 3TB drive are encrypted with FileVault, so I needed a 4TB external drive to use for a Time Machine backup drive. So I purchased that second ioSafe drive — this time in a 4TB size — to back them both up (and yes, everything is encrypted there too).

In fact, today I ordered another ioSafe G3 drive but this time in a 6TB configuration. Why? Because my Time Machine backups only go back 30 days and I want them to go at least 30 days further back and maybe longer, so an extra 2TBs of storage will enable me to do that (and I’ll wipe my 4TB drive and connect it to my wife’s iMac).

WHY I DON’T BACKUP TO THE CLOUD
Consider me paranoid, but unless I control the private encryption key I don’t feel my data is safe. Anyone with that key can unlock my data and view it (e.g., Dropbox can, in theory, read all of your files).

The only one I would consider is SpiderOak’s personal One backup plan, a solution that encrypts your data before it is backed up and sent to their servers. As good as SpiderOak is, there are a few “fatal flaws” I see with using it (or any cloud service) as my primary backup solution:

  • My data is in the cloud on someone else’s servers.
  • It takes forever to transfer large data files so backing up is time consuming. Moving huge files can also hammer on your internet service provider’s data caps (which are becoming more common now that TV streaming is ubiquitous and used by more people than ever before) so you’ll have to pay more for data.
  • The 5TB service I’d need is $29 per month ($348 per year) which would buy an ioSafe G3 drive itself!

WHY I USE IOSAFE DRIVES & BELIEVE THEY’RE THE BEST

Look … you can go ahead and back up to cheap drives. But let’s say your house catches on fire and the fire department arrives to put it out. If the area near your computer burns, your PC is melted and so are your backup drives and everything will be lost. Even if it doesn’t burn and melt, the water used to put out the fire will most likely compromise the backup drives and make them unrecoverable.

The features that make it “the best” backup solution money can buy include:

  • The ioSafe drives can withstand temperatures up to 1550°F for 30 minutes per ASTM E119 (PDF).
  • They can be completely submerged in fresh or salt water up to a 10′ depth for 72 hours (which is so much more than a firehose would douse them with in a house fire).
  • The drives can be secured to either the floor or a hard-to-move object to prevent the drive, and the data it holds, from being stolen (I bolted my drives to my desk when our house was up for sale so no one could grab one and run off with it!).
  • These drives are very, very quiet and, with USB 3, they are fast.
  • They are a “set it and forget it” backup solution. If you have a Mac, use Time Machine to back up your computer. If you have a Windows PC, buying an ioSafe drive includes a license to Genie Timeline Professional: easy to use backup software for Windows that can protect your data with military-grade 256-AES encryption.

Living here in southern California makes drives like these even MORE important for my wife and for me. With earthquakes, wildfires, and more humans than most places on earth (so more likelihood of theft), having these drives as my backup solution gives me peace of mind.

HOW AND WHERE TO BUY
Though you can buy these drives directly from ioSafe, here are a few places to pick up a 2TB, 3TB or 4TB drive less expensively:

WHATEVER YOU DO … BACK UP!!
“Borsch, you’ve told me I need to back up … I get it!” OK, OK … but I thought my buddy didn’t want to hear me pontificate about backing up either and he didn’t … and now he’s lost all his photos, videos, emails and other data.

Don’t be like my buddy … back up now.


Disclaimer: I receive absolutely nothing from ioSafe or anyone else for my enthusiasm for their incredible hard drives. Yes, I do think they’re the best and just want everyone to back up!

Get Secure *Before* You Get Hacked

I’ve been dubbed “Mr. Security” by my friends, family and clients (I pay significant attention to, and use, cybersecurity, privacy and software measures) but my pleadings with them to be secure often are ignored…until they get hacked. Then they plead with me to help them out and get their digital life on track. Usually it’s too little, too late, and the work to recover is enormous.

You should care deeply about your digital life and its security, especially since the risk of getting hacked is exploding! The World Economic Forum in its 2018 report (PDF) said blackhat hackers are gaining the upper-hand in cyber warfare…and they are coming after you…and even the experts can’t keep up:

“Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents.”

Here’s the good news: if you haven’t yet been hacked it’s likely you will at some point, so let’s get you cyber secure NOW!

SECURITY CHECKLIST

I was delighted this morning to discover this Security Checklist, “An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.”

The Security Checklist is very comprehensive, easy to follow, and one you should look at and implement as quickly as possible. It gives you the “why” and specific resources to use for each category, making this pretty brain-dead-simple to follow and implement:

  • Password Manager
  • Create a strong device passcode
  • Use two-factor authentication
  • Set up a mobile carrier PIN
  • Encrypt your devices
  • Freeze Your Credit
  • Use 1.1.1.1 for DNS resolution
  • Use a VPN
  • Cover your webcam
  • Use a privacy-first web browser
  • Use a privacy-first search engine
  • Review app permissions on your devices
  • Review your social media privacy settings
  • Educate yourself about phishing attacks

Go to Security Checklist

Google’s Motto ‘Do The Right Thing’ is for Them and Not Us — Especially with Chrome 69

UPDATE on September 25, 2018
Looks like Google blinked since so many of us were SO upset about what they were doing. While this is good news, I’ll be sticking with Firefox for the foreseeable future:

“Chrome 70 Will Allow Users to Opt-Out of Controversial Automatic Sign-in Feature”


For years I’ve been a staunch supporter and trusted Google, loved their services like Google Suite, Gmail, Google Voice, and others, all while admiring their machine learning and artificial intelligence research. One thing I specifically trusted was Google’s Don’t Be Evil motto which was baked into their Code of Conduct for the company.

Then, back in May, I became troubled when they removed Don’t Be Evil and replaced it with Do The Right Thing. At the time I joked with a friend of mine asking him, “Is ‘do the right thing’ for us, or for Google?”

It appears the motto change was focused on Google.

The biggest shift away from that “Don’t Be Evil” motto that Google has ever done just happened. Though this thread started on Hacker News a few weeks ago, a cryptographer and professor at Johns Hopkins University whose blog I follow, Matthew Green, wrote a post entitled, Why I’m Done with Chrome. In it he said:

A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.

Green also sees this move as having serious implications for privacy and trust. Do you think!?! My trust-level in Google has plummeted. So much so that I have now shifted 100% back to Mozilla’s Firefox browser and away from Chrome. I will no longer use Chrome until they change the way they infiltrate my privacy.

SO WHAT EXACTLY DID GOOGLE DO?

Google’s recent update to Chrome (browser version 69) has done something unprecedented in their history:

a) Once you login to Chrome as a user, Google can (and does) track EVERYTHING you do in the browser. Every site you view, every login. The change? If you login to any Google service in the Chrome browser, Google will log you in to that browser to give them access to everything you’re doing within Chrome.

b) As a user you can no longer delete ALL the cookies in your browser. Google’s cookies remain no matter what you do. (Hat tip to Christoph Tavan for discovering this breach)

c) Google is increasingly using “dark pattern” user interfaces in their services to hide or obfuscate what something does when you check, uncheck or choose an option. In ExtremeTech’s article Chrome 69 Is a Full-Fledged Assault on User Privacy, they describe how Google’s dark pattern user interfaces obscure their intent to get you to enable them to do the right thing for Google:

These changes are all part of what’s known as a dark pattern. If a pattern is defined as a regularity in the world (designed or naturally occurring) that repeats in a predictable manner, a dark pattern is an attempt to trick users by designing interface options that look like the options users expect to see.

I, for one, don’t want to research, study or figure out how a company I trust might be trying to trick me into doing something that is in THEIR best interest…and not mine. I’d rather pay for offerings and am growing tired of “being the product”.

Supreme Court Rules Police Need a Warrant to Track Our Mobile Phones

This morning the U.S. Supreme Court ruled that police must obtain a search warrant in order to get access to cellphone location information.

This is HUGE and a big win for anyone who cares about intrusive, mass, warrantless surveillance that is, by any measure, illegal searches and (data) seizures.

Chief Justice John Roberts sided with the “liberal” justices (ones I instead use the adjective “strategic” to describe). This National Public Radio (NPR) story In Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone put it succinctly:

The majority declared that the Fourth Amendment guarantees an expectation of privacy and that allowing police to obtain moment-by-moment tracking of an individual’s cellphone location is a kind of surveillance that the framers of the Constitution did not want to occur without a search warrant.

The chief justice said that this sort of tracking information is akin to wearing an electronic ankle-bracelet monitoring device and that the citizens of the country are protected from that kind of monitoring unless police can show a judge that there is probable cause of a crime that justifies it.

After the 2014 Edward Snowden revelations, mass, warrantless surveillance of U.S. citizens — which was being performed by the signal intelligence focused National Security Agency (NSA) — was an enormous concern both domestically and internationally as the NSA’s clear mission was to focus only on foreign signal intelligence while excluding spying on American citizens. The outcry domestically and internationally reached a fever pitch…but little was revealed on what was being done to stop mass, warrantless surveillance.

Then some of Snowden’s document releases were published and it was revealed that all of this vacuumed-up data had a “Google-like search engine” that could be used to scour all data for an individual or group. Somehow the Drug Enforcement Agency (DEA) and other law enforcement agencies were being provided with data that couldn’t be challenged in court due to “national security concerns” so the extent of data being swept-up has never been completely understood.

The bottom line? The accelerating “surveillance State” was already out of control and Congress seemingly turned a blind eye toward it and extended its capability.

Though it has taken too many years for the Supreme Court to weigh in on the Constitutionality of warrantless surveillance, the explosion in law enforcement’s use of cellphone tracking devices like Stingray meant that warrantless tracking by police agencies was low-hanging-fruit for the court to address.

In my mind it’s too little, too late…but it’s a start.