Weekly Axis Of Easy #110
Last Week’s Quote was “If they can get you asking the wrong questions, they don’t have to worry about the answers ” …by Thomas Pynchon, winner was Keith Clay
This Week’s Quote: “Just as not all butterflies produce a hurricane, not all outbreaks of bubonic plague produce a Renaissance.” …by ???
THE RULES: No searching up the answer, must be posted below.
The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.
This is the last edition coming to you from Barbados for summer ’19. As I type this we are hunkered down on the West Coast near Speightstown, awaiting the arrival of Tropical Storm #Dorian. The island is on lockdown and we’re here for the duration. I will work on this week’s issue as long as we still have power.
In this issue:
- Apps and tech that turn your cars into surveillance pods
- Xbox contractors eavesdropped on owners in their homes
- Mozilla and Google step in to block Kazakhstan TLS intercept
- Apple enabled Uber app to record your screen
- Global gag on free speech is tightening
- easyWhois app now available for Android
Two items this week that underscore the inevitability of certain tech enabled surveillance. First up: Mercedes has admitted that it installs covert tracking devices in its cars and uses them to monitor the exact location of the vehicles. When caught out, the company stressed they only use this information “in extreme circumstances”, which include, the vehicle owner being behind on their payments. They also admitted that they also pass this information onto bailiffs, which has some experts questioning if that’s even legal.
BMW, Jaguar / Landrover and Volkswagon when asked all stated they do not have similar devices in their cars. (My lease ended in June and I haven’t decided what I’ll get next, if anything. But I now know I won’t get a beamer, just on principle).
The other piece I came across was about Zendrive, which is a driver behaviour monitoring app that reports telemetry such as distracted driving and unsafe operations back to insurance companies. The article I came across this week was from a rather fringe site, so I had to go back to a three month old Bloomberg piece to get a more mainstream take on it. The short version is Zendrive is installed on 60 million US smart phones and has been used to gather data from anonymized samples so that insurance companies can build better risk models.
There are incentives where drivers will get a lower premium if they consent to use a behaviour monitor like TrueMotion (a Zendrive competitor). The big question on the Hackernews thread I found on this was “how did Zendrive get installed on 60 million US phones? (That’s one in every four drivers). The answer seems to be that it is bundled with other driving apps. I don’t know for sure which ones, so I won’t hazard to speculate.
This is a familiar theme, because we’ve reported on the same dynamic occurring with pretty well any other home device with a microphone: contractors working for Microsoft report hearing conversations in homes where Xbox devices are installed. They are working on fine tuning the voice recognition software (they always are), and say that snippets of conversations are inadvertently picked up when the device is listening for its “wake word”, in this case “Xbox” or “Hey Cortana”.
Microsoft specifically has had similar issues with contractors or employees found listening to Skype calls, and Cortana, Microsoft’s version of Siri (which has had the exact same issues as reported only a few issues ago).
The moral of the story is this: If you have household automation devices in your home with microphones – your conversations, including arguments with your spouse, your drug deals and sundry sex acts will be recorded and stored, and possibly listened to by strangers who are otherwise not parties to said activities. Assume it to be so.
Just recently in #AxisOfEasy 105 we reported how the government of Kazakhstan instituted mandatory root cert updates in web browsers that has the effect of wiretapping all web traffic for all citizens.
The Mozilla Foundation announced that both Firefox and Google’s Chrome have introduced technical fixes to their respective browsers which block the Kazakhstan government root CA certificate, which facilitates the intercept. Users with the Kazak CA installed will not be able to form secure sessions in said browsers. Mozilla and Google recommend citizens in that country look into VPS providers (if you’re there, try downloading Opera, which has a built-in VPN mode.)
As per Fortune magazine, Apple has been found to be giving Uber more than the ability to track the user’s location via their iPhone. They also gave Uber access to what Apple calls “an entitlement” which would enable Uber to record the user’s screen and access their personal information. Apparently this was done to better facilitate integration with the Apple phone.
Apparently all iPhone apps contain various types of these “entitlements”, this one is not supposed to be accessed outside of Apple. But that means, Apple itself has access to that entitlement. (This is why I can’t wait for my Purism Librem 5 phone to arrive).
According to the Economist Magazine, freedom of speech is in decline nearly everywhere in the world. Citing data compiled by Freedom House, a watchdog group, 28% of governments globally have tightened restrictions on free speech while only 14% have loosened them. Canada is listed as a country that has improved in this department, while the US is listed as a country that has worsened.
Bear in mind, this is government control on free speech, it doesn’t address informal or media centric bias which in my mind has an equally chilling effect on discourse.
It’s a long time overdue, but we finally got an Android version of our easyWhois mobile app up in the Google Play store. Whois itself may not be as useful as it was since GDPR pretty well destroyed it, but it also has useful functions such as IP lookups and a handy “what is my IP address” utility.
(Iphone version: https://apps.apple.com/ca/app/easywhois/id321364356 )