Mercer

How to browse the internet without being spied on.


Some interesting links that are relevant.

 

Facebook’s facial recognition will one day find you, even while facing away

https://arstechnica.com/information-technology/2015/06/facebooks-facial-recognition-will-one-day-find-you-even-while-facing-away/

 

Think it's cool Facebook can auto-tag you in pics? So does the government

https://www.theguardian.com/commentisfree/2015/jun/27/facebook-tag-pics-government

 

 


I have a tendency to get into deep technical crap pretty quickly, partly because there isn't much of a good way to describe a lot of this shit, and partly because I've seen how easy it could be done even if a company wasn't complicit in it to begin with.  If you want to read some fun examples from experience, here they are, otherwise there are some links to various stories that filtered into the news more recently:

 

The second part I realized after a few years of compiler / security software development.  At some point I'd figured out that the only time anyone was reviewing any of my code in detail was when they wanted to learn more about how to do something with the compiler.  They generally quit working on bug-fixes at that level because if they waited for me to stumble in to work I'd have a fix in 10 minutes after they'd been trying to work out the error message for 4 hours.  From the standpoint of security software in general, this was worrying to me.  There were 3 major foreign banks building their phone apps with our provided compiler at that point, and since nobody was paying attention to what I was doing, I could have put practically anything in their finished software before it was actually released to the public at that phase...   then my thought was along the lines of "if I would be able to do this, and I'm just some random guy, how hard would it be for someone organized and actually trying to do so?".  This company wasn't exactly lax, either, it's just how things go in that industry, and gets worse when the company doesn't work in that area.   It tells you quite a bit about how some of the spyware probably managed to get into things in the first place, assuming the manufacturer doing it didn't just agree because it matched their own interests. 

 

Keep in mind the whole area of computer security openly encourages the kind of thinking that would get someone fired in nearly any other area (i.e. like a total psychopath). Case in point: Once, while incredibly intoxicated and typing like a retarded chipmunk, I wrote a couple of paragraphs in reply to something about self-driving cars on LinkedIn (which I've never been able to treat very seriously). It went something like "Well, what I predict happening with computer control systems / self-driving systems in cars is something like... you're driving down the road, and suddenly your car pulls over and stops. A voice comes over the console and says, 'Hello xxx, your car is now under remote control from the friendly folks at FuckOff Malware Inc. You have something to write with? Good. Take down this number. Repeat it back. Good. Now, we're going to go back to cruising down the road. We'll be going faster than before and the steering might be a bit wobbly but I'm drunk right now. What you're going to be doing is going to x.com and sending $30,000 in BTC to that number I gave you... Oh, I see your bank account only has $24,497.83 in it, so just send that, I'm feeling nice today. Failure to do this in 10 minutes will result in this vehicle accelerating to 100mph and crashing into a fucking telephone pole. Thanks for your time, we hope you enjoyed shopping FuckOff Malware Inc.' *click*"

 

I know someone is thinking "you didn't really post that" or "that's not a good thing to be posting on linkedin" or "get the fuck away from me you lunatic", and you're right on the last two points anyway.   Within a week of posting that, I'd been contacted for interviews by one company doing engine control firmware for vehicles in general, one self-driving car company looking for a senior engineer, and another looking for a director of security for the new security department they were creating (presumably after reading that post and wondering how bad the lunatics that weren't posting on linkedin must be)...  Now picture the results if you said that to a psychiatrist.  😨

 

So taking all of the above to the  extreme, think about the mentality of someone doing this sort of thing somewhere like the NSA, where they not only have to think along that kind of lines for a living but also be good enough at lying about it that they can manage a background investigation that pulls everything from the past 10 years and convince whatever agency is interrogating them about it while they're hooked to a polygraph that they're well adjusted. 

 

Anyway, on the machine learning shit...  most of the current trend towards it has to do with management and the majority of programmers failing to understand what it actually can do and assuming it's another magic bullet.  The actual uses tend towards the "shit no consumer should want" category I mentioned in the first post.  The tech has lots of cool non-creepy uses, but none of those involve a cellphone.  What I see in that technology is the sheer amount of deniability it has.  Dissecting a trained neural net and determining exactly why it did something with some set of inputs isn't really feasible.  The networks themselves are huge and would take a massive amount of time to analyze in a meaningful way even if the internal representations of data they used made sense to humans, which it doesn't. Training, say, an image recognition network, requires huge amounts of GPU time and a human babysitting the thing and telling it when it fucked up, which kind of automatically influences the results. 

 

As an example, Amazon is marketing their face recog tech to law enforcement for use matching a face to mugshot databases, and a few news stories have covered this because it seems to have an abnormally high false positive rate on pretty much everyone, but especially black people. So, how do you fix this? Whose fault was it? The person doing the training might be racist, or they might just not have had much real life exposure to anyone but white people and are leaning towards matches. The tech might be failing because it's trying to use Caucasian skin tones to identify features after a certain level of training where it saw light-skinned faces more often because of a biased input data set. It might have to do with photographers being generally worse at pictures of darker skin tones. It might just be a reflection of the abnormally high arrest rates among the same population... Hell, the thing could have become proto-sentient and is trying to spark a race war (the machine learning specialist pops in with 'Nah, we don't have true AI yet' then nervously chuckles because he's not entirely sure). The point is all of those things are abstracts and without some line of actual software to point at and say, "Ah-ha, someone made a calculation error in Face::isBlackMan() and it returns false and ::isMatch() uses ::detectWhitey() instead. We'll fix that in a jiffy", there's nothing anyone can fix. Everyone will go back to reading their "outrageous shit Trump posted on his twitter" feed 10 minutes from now in any case, so no worries. 😛

 

http://fortune.com/2018/05/09/amazon-alexa-lennar/

Amazon Alexa Will Come Built-In to All New Homes From Lennar

Oh thank god, I was wondering when the fucking spyware would come pre-installed on the house itself.  I hope they bundle motherfucking facebook messenger so you can ask alexa to search google for hardcore granny fisting porn to send your friends.

 

https://www.xda-developers.com/qualcomm-snapdragon-845-hexagon-685-dsp/

Qualcomm Hexagon 685 DSP is a Boon for Machine Learning

Just some PR for new phone chips with ML acceleration from late last year

 

https://arstechnica.com/tech-policy/2018/07/amazon-cops-should-set-confidence-level-on-facial-recognition-to-99/

Amazon: Cops should set confidence level on facial recognition to 99%

Because I trust the cops to read the manual for a neural network.   And understand what that headline means.

 

https://www.cbsnews.com/news/hackers-break-into-voting-machines-defcon-las-vegas/

Hackers break into voting machines within 2 hours at Defcon

Breaking News:  Y2K bug causes panic among computer users!  George W. Bush inaugurated. 

 

https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/

New Spectre attack enables secrets to be leaked over a network

New 'internet' allows secrets to be leaked over a network.

  • Props 2


I read that whole thing and had to dip to TOR for a minute after the granny fisting was mentioned, now my arm is exhausted. 

 

 

On a serious note, I wonder what's cutting edge with intelligence agencies like the former KGB, or NSA. Keep in mind the entire internet was originally the intranet for the US military first. Just some of the stuff I've seen private companies (that are bound by laws) are capable of is disturbing. Imagine what a rogue organization like the NSA (that has no laws it follows) is doing.

Edited by Mercer
  • Like 1


I wanted to do one of these for how to use macs + iPhones  and wondering if anyone in here uses any of the following.

 

1. Dropbox as opposed to iCloud, also if used, do you use the camera uploads feature?

2. Password manager?

3. Hazel, or manually writing your own applescript for automation?

4. A firewall to monitor all connected activity?

5. a VPN service?

1 hour ago, Mercer said:

I read that whole thing and had to dip to TOR for a minute after the granny fisting was mentioned, now my arm is exhausted. 

 

 

On a serious note, I wonder what's cutting edge with intelligence agencies like the former KGB, or NSA. Keep in mind the entire internet was originally the intranet for the US military first. Just some of the stuff I've seen private companies (that are bound by laws) are capable of is disturbing. Imagine what a rogue organization like the NSA (that has no laws it follows) is doing.

I'd search one of the agency websites for GrannyFisting.mp4.exe but I'm afraid they'd try to hire me. 

 

Bob only knows what the more confusing agencies are doing...   The KGB is probably hunting down the last few people without a picture of Putin in their house and planting nanotech in diverted chinese computer parts for shipment to the US and the NSA is planting nanotechnology in the pictures of Stalin at the factory to record everyone's conversations about the KGB. 

1 hour ago, Mercer said:

I wanted to do one of these for how to use macs + iPhones  and wondering if anyone in here uses any of the following.

 

1. Dropbox as opposed to iCloud, also if used, do you use the camera uploads feature?

2. Password manager?

3. Hazel, or manually writing your own applescript for automation?

4. A firewall to monitor all connected activity?

5. a VPN service?

1. I use iCloud, so I'm not of any use there.... but doesn't MS own Dropbox? I wish there were a roll your own cloud backup feature for modern phones.

2. I use LastPass and intend to at some point pay for access through them so I can use my YubiKey to login with it.  I think the free version works rather well, I have mine set up with 2FA on my phone's google auth app.

3. never messed w/ that.

4. What you're talking about is going to cost some money if you're monitoring any type of decent throughput. You're talking Packets Per Second analysis that takes CPU cycles to do. The expensive network equipment can do this but.... it's very pricey. A computer running Linux can use Wireshark, ngrep, or tcpdump. I'm sure there are more, but those are the ones I'm familiar with.

5. I use privateinternetaccess.com for my VPN service.  They have good phone apps that are easy to use and you can be connected on multiple devices at once.  I think they don't keep logs of traffic either.  Further for DNS on my local network (assigned via DHCP) I am using 1.1.1.1 and 9.9.9.9 for my resolvers.  These are "private/security" focused resolvers put up by people deciding that privacy was a good thing.  The other option is to run OpenVPN from a linux box in a place of your choosing, bare metal off shore or in the cloud.... whatever.

 

Also, great post GnomeToys.

 

 


SonicWalls might be the cheapest routers in that high end category and have a wireshark type interface built into the management gui.  They're still close to $500 and overkill for home use and in terms of setup.  Their manual was close to 2000 pages long.  😮

 

Also thanks.  Another fun semi-recent article -- Washington DC is apparently covered with random StingRay cell signal monitors that no agency here actually installed and everybody seems to be confused about what to do about it.

https://www.wired.com/story/dcs-stingray-dhs-surveillance/

 

 


Almost seems time to start a homebrew group. Anyone here into Arduino?

 

Wanted to put a project together that would look for power outages and switch to a battery bank instantly once grid power drops so I can run my water pump in case of outages. I know @Mercer has built something similar, so wondering if maybe we can get a discussion (group) going?


I have various microcomputer type boards laying around but never messed with them much outside of work. Always like reading about projects though. I can help out with programming questions in general, and compiler toolchain issues. Have some random parts laying around people might be interested in too, I'll never use them and got them free / cheap. I'd be interested in a group.

 

 

 

 


Meanwhile, I try to figure out at what point AWS upped my EC2 limits to a combined total of 200TB of SSD storage and about 500TB more of miscellany...  and just by best estimates, somewhere hovering around ~1000 xeon cores.  In one region.  I didn't even bother trying to figure out the bandwidth but most of them are at least 10Gbps links.

Note that I registered the account and asked for one multi-gpu instance so I could play with Tesla V100 hardware last year after writing a completely incoherent reason for the request since those are in hot demand...  decided just setting everything up let alone doing anything with it was going to eat too much money, paid $12 for a few hours worth,  and left.  In January some ridiculous bill for hundreds of dollars showed up in my inbox so I called the fuckers because I hadn't logged in.   Got refunded for that (and for the time I'd actually used).  The person at AWS said they'd been running some kind of machine learning software to predict instance use and it must have activated them (I SEE WHAT YOU FUCKING DID THERE, DENIABILITY 😄  ).  Naturally AWS Neptune started trying to recruit me a week later.  

The funniest part is there aren't any GPU instances in the list anymore, and one of those was all I had asked for in the first place...  not enough space / computing power to store and encrypt all of the data created by a small country since 1980 and the bandwidth to DDoS them afterwards.  😛
 

Edited by GnomeToys


That is the exact mindset of the majority of young intellectuals pursuing degrees in the social sciences. They will have no other venue for their PHD's trans studies but to find work in the government. I deleted all of my original tweets years ago, and half my posts on here worried about the random times I've called people faggots.

Edited by Mercer


Any thought on reddit getting hacked? I believe I read that they were not going to notify their users whose profile information was accessed. 

 

 

Also I use Dropbox mainly for business shit, I have yet to try and upload any of my phone photos.

 

 

Edited by mn1_fuckos


The last one says more about Disney being shitbags as employers.  Also in general, but plenty of other things say that.  They already knew about this.  His directing history has the "James Gunn's PG Porn" TV series with such exciting episodes as the "Squeal Happy Whores" and "A Very Peanus Christmas" Peanuts spoof which I'm going to go watch as immediately as possible.  Assuming nobody at Disney was paying attention in 2008, in  2016 he had writing credits in

Dolphinman Battles the Sex Lobsters :

Quote

Sgt. Kabukiman NYPD contracts a deadly new STD, The Sex Lobsters, and unknowingly spreads it around town while visiting Tromaville's best orgy spots. Only Dolphinman can find the cure and save the day!

The old tweets were convenient for the asses trying to get him fired, but his bigger mistake was complaining about Trump if I pieced things together correctly.  But yeah, go on and act all shocked, Disney. 

Or it might just be karmic payback for Scooby-Doo 2: Monsters Unleashed 😄

 

Seriously though, at least this guy probably isn't going to be hurting for work or anything.  DC Entertainment should hire him and make a green lantern movie that doesn't suck ass. 

 

 

  • LOL! 1


I can't comment on what's going on in this one because I'm lacking background on it but it sounds dodgy as fuck:

http://www.daily-journal.com/news/local/kankakee-chief-investigates-critics/article_c77bf066-910d-11e8-a37e-cbe13f4cf7fd.html

 

Quote

In a brief interview at the police station, Dumas said he searched the database for Menz because Menz posted a photo on Facebook of Mayor Chasity Wells-Armstrong’s city-owned Tahoe parked on city property.
...

In the post, Menz commented, “Hey, check out Mayor Chasity Wells-Armstrong’s new ride! This is a big upgrade from the Chevy Malibu that (former Mayor) Nina (Epstein) used to drive. If you feel nostalgic for the Malibu, don’t worry, though, it is in storage at the fire department.”

...

 

The chief said the photo concerned him.

 

“You can post anything about me you want on Facebook, but not the mayor. She is a protected class,” he said.

 

He said she was in a protected class because she was an elected official. He didn’t say which law gave that distinction for elected officials, although civil rights and hate crimes laws do not.

 

Dumas questioned why someone would post a photo of the mayor’s city-owned car with license plate number.

Internet readers question ability of Kankakee, IL police chief to point correct side of gun away from himself.

 

Quote

“You can post anything about me you want on Facebook, but not the mayor. She is a protected class,” he said.

Quote

State police spokesman Matthew Boerwinkle said the state prohibits the LEADS database from being used for personal reasons and that its use must be connected to legitimate criminal investigations.

Shocker!

 

So much for government by the people for the people when the political class have their exceptions and privileges.

 

Or that authorities might abuse the information that they collect, rather than maintain use for *lawful* purposes as intended (never mind that *lawful* is a fluid term and what might be lawful today, could very well be unlawful tomorrow, though I suspect that the databases wouldn't be purged to allow a fresh start since the rules have changed).

 

Keep that in mind when you hear the debate come up surrounding allowing for a gun registration database and how that might be a very bad idea.


I saw the reddit breach and wasn't too concerned. GitHub was also breached though, which may have more implications for (mostly) small time software companies who used private repositories there as a free versioning system, which like most cloud storage is a bad idea unless you're running an online service in the first place. In that case you're better off with a paid service which offers some kind of insurance / support for hacks like this. It won't prevent them but you'll get better response and notification. I logged into GitHub and was greeted with "your password was leaked in a recent data breach. you should change it"... but the account itself was still active and the same password still worked, so exactly what help is that message?

 

Whatever small town shit is going on there is just a symptom of the problem.   Stuff like this, regardless of who was caught and what the results were, is downright terrifying:

https://www.washingtonpost.com/news/true-crime/wp/2018/04/27/golden-state-killer-dna-website-gedmatch-was-used-to-identify-joseph-deangelo-as-suspect-police-say/?utm_term=.999ca8e33ce9

 

Keep in mind this is someone who was identified by a familial genetic match rather than their own DNA actually being in a database, and since DNA is left damn near everywhere just by the act of walking around, this is alarming as fuck. 

 

Yeah, they caught a serial rapist with this technique.   It also messes up and leads to invasive searches on people who have fuckall to do with anything, which that article also covers:

 

 

Quote

 

On the more dystopian side of the spectrum, Wired reported on a filmmaker named Michael Usry who was accused of a 1996 murder in Idaho Falls nearly 20 years after the fact — coincidentally the same month that Phoenix police got their break in the Canal Killer investigation.

Usry, who was a teenager at the time of the killing, was picked up by police at his doorstep in New Orleans in December 2014, Wired wrote. He was interrogated by an FBI agent and spent a month under suspicion — all because the killer’s genetic code was similar to his father’s, whose DNA sample had been obtained by Ancestry.com.

 

Fucking lovely...

On 7/30/2018 at 5:58 PM, Mercer said:

I wanted to do one of these for how to use macs + iPhones  and wondering if anyone in here uses any of the following.

 

1. Dropbox as opposed to iCloud, also if used, do you use the camera uploads feature?

2. Password manager?

3. Hazel, or manually writing your own applescript for automation?

4. A firewall to monitor all connected activity?

5. a VPN service?

1. I use Dropbox, but I manually upload as opposed to the camera upload feature. 

2. LastPass.

3. I use Hazel - set it up a while ago and rarely touch settings now. Nice to "set and forget" some automation.

4. I use Little Snitch and I set up a Pi-Hole (https://pi-hole.net). Nice thing about the Pi Hole is that it blocks most ads at the network level.

5. I've used a few different VPN providers and have been using ProtonVPN lately.

 

Happy to answer any questions if anyone would find it helpful.

  • Like 1

