How-to
Privacy
Just two links for this section this week, but for an issue I feel is not getting all the attention it should.
-
US cell carriers are selling access to real-time phone location data. There is a very interesting discussion on Hacker News. I'll quote from the first comment in the discussion. They're sorted depending on the votes of the rest of the readers, but it's unlikely that will change right now:
I work in location / mapping / geo. Some of us have been waiting for this to blow (which it hasn't yet). The public has zero idea how much personal location data is available.
It's not just your cell carrier. Your cell phone chip manufacturer, GPS chip manufacturer, phone manufacturer and then pretty much anyone on the installed OS (android crapware) is getting a copy of your location data. Usually not in software but by contract, one gives gps data to all the others as part of the bill of materials.
This is then usually (but not always) "anonymized" by cutting it in to ~5 second chunks. It's easy to put it back together again. We can figure out everything about your day from when you wake up to where you go to when you sleep.
This data is sold to whoever wants it. Hedge funds or services who analyze it for hedge funds is the big one. It's normal to track hundreds of millions of people a day and trade stocks based on where they go. This isn't fantasy, it's what happens every day.
Almost every web/smartphone mapping company is doing it, so is almost everyone that tracks you for some service - "turn the lights on when I get home". The web mapping companies and those that provide SDKs for "free". It's a monetization model for apps which don't need location. That's why Apple is trying hard to restrict it without scaring off consumers.
-
And the second part. Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site.
LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.
Tech
-
Sending Inaudible Commands to Voice Assistants.
A group of students from University of California, Berkeley, and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website.
This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. So while a human listener hears someone talking or an orchestra playing, Amazon's Echo speaker might hear an instruction to add something to your shopping list.
Data Links is a periodic blog post published on Sundays (specific time may vary) which contains interesting links about data science, machine learning and related topics. You can subscribe to it using the general blog RSS feed or this one, which only contains these articles, if you are not interested in other things I might publish.
Have you read an article you liked and would you like to suggest it for the next issue? Just contact me!