Recent Comments



May 23, 2024 11:23 PM

lastoftheV8s on Friday Squid Blogging: Emotional Support Squid :

My short encounter phone call with A.S.I.O: what I didn’t mention in my OP was when the employee at ASIO picked up I realized ‘how do I address these employees?? Like is it excuse me ‘officer, or special agent, or what?? So I said Hello I’m … from … are you the quote ‘phone boy or errr idk how do I address you sir?? He said: whattya want mate?? OK then I started my rant? statement idk I got flustered anyway link below...

May 23, 2024 10:58 PM

lastoftheV8s on Friday Squid Blogging: Emotional Support Squid :

Off the back of this article by @Bruce’s Blog post dated “Posted on July 17, 2017 at 6:29 AM” https://www.schneier.com/blog/archives/2017/07/australia_consi.html … I’m not making this up and I will hunt down my original post regarding the somewhat bat@hi% this crazy policy I wrote to “Electronic Frontiers Australia” telling the story of me calling up A.S.I.O https://www.asio.gov.au/ “Australian Security Intelligence Organization” yes I did ring ’em up and it was quite enlightening. So please stand by I’ll go on the hunt for my post to EFA ik it exists I’ve found it a while back and did not bk mark it but yeah I’ll be back. ☮...

May 23, 2024 9:13 PM

and of course so is WalMart on FBI Seizes BreachForums Website :

They might need to seize mungfali for “leaking” pedobear generated by those internet bullies splicing photos together in r8 creepy creebing ways.

The internet is REALLY falling to pieces these days.

May 23, 2024 9:10 PM

Johnny Memonic Stego.7z on Unredacting Pixelated Text :

Visuals and QR barcodes might be the way to go coupled with 3D printing for the blind.

If anybody wants to play with a free screengrab picture for stegosaur purposes, here ya go.

It’s clearly not that generic, which is GOOD.

We Have Explosive
There Will Be No Armageddon

both tunes, temporarily in musically and visual synchronized playback

You can do some interesting research on this.

May 23, 2024 7:27 PM

echo on Personal AI Assistants and Privacy :

Data privacy and also AI judgement issues have already been mentioned by people. One thing which bugged me which I didn’t post about is the possible impact on severe breaches of privacy, the impact on regulated professions, and especially the impact on vulnerable people. Courtesy of @noname pointing out EU AI Act Article 5 (which I haven’t read) it explicitly raises these issues.

https://www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20240408-prohibited-ai-practices-a-deep-dive-into-article-5-of-the-european-unions-ai-act...

May 23, 2024 7:09 PM

echo on Friday Squid Blogging: Emotional Support Squid :

@noname

I’m really interested in the EU AI Act’s prohibited AI practices (Article 5) and if they will have global carryover.

Good question. I had a draft I never published in the new AI topic which touched on the underlying issues and didn’t publish it. I only discovered the EU AI Act covered it after reading a legal commentary on Article 5 after you asked the question. Thanks!

I can’t say it will have global carryover but I think it’s likely given the issues have overlap with regulated professions and duties of care...

May 23, 2024 6:24 PM

Here’s looking at your work kid on Personal AI Assistants and Privacy :

@vas pup

Nothing in what you’ve put up above has not already been said on this blog multiple times years ago in fact over a decade for some of it.

Search for ‘cats eyes’, ‘lamping’, ‘red eye’, ‘180 degree reflection’, ‘internal reflection’ and the use of IR LEDs in TV controllers along with digital cameras / mobile phones that do not have IR filters and ‘thermal imaging’ / FLIR devices.

Along with tricks to make any RF signal give itself away...

May 23, 2024 4:35 PM

vas pup on Friday Squid Blogging: Emotional Support Squid :

US Air Force releases first in-flight photos of B-21 Raider, newest nuclear stealth bomber
https://www.yahoo.com/news/us-air-force-releases-first-163639778.html

“The U.S. Air Force released the first in-flight photos of its newest nuclear stealth bomber, the B-21 Raider, on Wednesday after defense officials confirmed the sleek military aircraft had taken to the sky in California.

The Air Force and Northrop Grumman, who manufactured the aircraft, unveiled the B-21, a new, long-range strike bomber capable of carrying nuclear weapons, in December 2022...

May 23, 2024 12:40 PM

madge on Detecting Malicious Trackers :

@Hell by any other name, I think we’re basically saying the same thing about how the tags work. Whether the “scanning” is active or passive doesn’t make much difference; even if passive, it means an iPhone will have their Bluetooth receiver active when the user doesn’t think they’re using Bluetooth. And will be sending the collected data to Apple, unlike non-Apple products that see those Bluetooth messages...

May 23, 2024 11:35 AM

echo on Detecting Malicious Trackers :

Some people (especially some not all Americans) don’t understand that law which restricts some behaviour creates freedoms.

One example is food regulation. The number of Americans who gush about the quality of food and low prices relative to income in Europe when they visit? That’s regulation. Quality consumer goods and BS free advertising? Regulation and regulation. Strategic legal action that takes millionaire money? That’s a statutory Ombudsman free at the point of access created by regulation. Knowing a car on the road won’t crash into you or blow up because it has passed its annual inspection? Regulation. The looks on the faces of visiting Americans on Youtube gushing about how they had an accident and the trip to hospital and medicare care was free? All established and governed by regulation...

May 23, 2024 11:24 AM

pauline on Personal AI Assistants and Privacy :

I wrote about this AI trust problem last year […] You’re going to want it with you 24/7, constantly training on everything you do.

No, I won’t, and I don’t see this as an “A.I.” problem. This is just more data being stored without user knowledge or consent, which I’ve always objected to; ever since I found out Windows 95 and its programs were keeping “most recently used” lists of my files. I was glad when I got an NT-based version and could write-protect those registry branches. Then I moved away from Windows, but found Linux programs did the same thing: .bash_history, for example (and quite a bit later, with no warning, .lesshst; I run most stuff under BubbleWrap these days, to avoid such surprises)...

May 23, 2024 10:45 AM

Here’s looking at your work kid on Personal AI Assistants and Privacy :

@ALL

It’s been said on this blog back in Feb that AI is a fraud, and a new way to steal people’s personal and private information

https://www.schneier.com/blog/archives/2024/02/microsoft-is-spying-on-users-of-its-ai-tools.html

Also that the Microsoft, OpenAI and Google business plan with AI is

“Bedazzle, Beguile, Bewitch, befriend, and Betrayal.”

Does anyone see anything that makes it untrue?

But think on this carefully...

May 23, 2024 10:40 AM

noname on Personal AI Assistants and Privacy :

@Rene Bastien

Those are excellent questions about how Microsoft will manage Recall (encryption, key storage, access, trust).

At an even more basic level, I am worried some users may not even be aware of this feature, its risks, and how to pause Recall or turn it on and off.

According to MS, at the moment:

https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15...

May 23, 2024 10:35 AM

Jeff on Personal AI Assistants and Privacy :

I really don’t think this so-called “AI” push has anything to do with providing a working service to people. In my opinion, it’s just Yet Another Way to extract personal information which can be sold on. People world-wide were starting to demand companies desist from harvesting their personal information. Laws have been passed. But renaming it “AI” has convinced millions of people to voluntarily...

May 23, 2024 10:14 AM

Winter on Detecting Malicious Trackers :

@Hell by any other name

Re: Strict Liability vs Rights Stripping

As the article you link to confirms it is very much about ‘rights striping’.

“Strict liability” enshrines in law that your rights have limits. You have a responsibility to check the age of your prospective partner or the contents of your luggage.

Looking the other way is not always a defense in court.

May 23, 2024 9:56 AM

Hell by any other name on Detecting Malicious Trackers :

@Winter

‘“Strict liability” is independent of “rights stripping” and exists independent of whether we think it is right and just.’

As the article you link to confirms it is very much about ‘rights striping’.

Maybe you should read it more carefully.

May 23, 2024 9:28 AM

Winter on Personal AI Assistants and Privacy :

Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users.

There is a wonderful Dark Mirror episode The Entire History of You about this “record everything” [1]. It does not end well.

I would like to remind everyone that a perfect memory is not a boost to your happiness, on the contrary. It leads to exhaustion and depression [2].

[1] ‘https://en.wikipedia.org/wiki/The_Entire_History_of_You...

May 23, 2024 9:08 AM

Rene Bastien on Personal AI Assistants and Privacy :

I see many issues with what Microsoft is proposing. Can we trust Microsoft that data will solely be stored locally? Which encryption algorithm will be used to encrypt the data? Where will the encryption key be stored? Will the key be encrypted, and how/where? Storing the key locally makes things easier for someone with nefarious intentions. Storing the key in the cloud makes things easier for Microsoft, if it were to copy the data outside of the local device. Yes, the notion of trust is essential in this application, and I for one do not trust Microsoft...

May 23, 2024 9:07 AM

Winter on Detecting Malicious Trackers :

@Hell by any other name

Look up “rights striping” it’s a technical term and it is very much designed to stop people accused being able to mount any kind of way to establish their innocence.

Look up “Strict Liability”, it’s a legal term.
‘https://www.law.cornell.edu/wex/strict_liability

“Strict liability” is independent of “rights stripping” and exists independent of whether we think it is right and just. That is, it is a fact of life and law...

May 23, 2024 8:51 AM

Michael Singer on Personal AI Assistants and Privacy :

“… we need trustworthy AI”. — I am not convinced that we understand trust well enough yet.

“We are going to need some sort of public AI to counterbalance all of these corporate AIs.”. — that hypothesis has so many assumptions I’m going to assume it’s a joke.

May 23, 2024 8:36 AM

Chris J Rose on Personal AI Assistants and Privacy :

Another problem, related to trust in the space of a personal AI, is how to trust it to be safe in the face of adversarial input. Imagine a personal AI given responsibility over your email, that can send and receive on your behalf as some kind of executive assistant.

Prompt injection takes on entirely new kinds of danger in this case; malicious senders could achieve phishing at incredible scale.

May 23, 2024 8:10 AM

jbmartin6 on Personal AI Assistants and Privacy :

it’s the same problem I have with the idea of brain implants. The benefits are potentially huge, but who do you trust to write the software for it?

May 23, 2024 7:56 AM

noname on Personal AI Assistants and Privacy :

Abject horror: 😱 this is how many feel about the Recall ‘feature’ on Copilot+PC.

Recall takes a screenshot of your active screen every few seconds and saves it locally on your PC. Your screenshots will be analyzed by an AI model and searchable. What could possibly go wrong?

May 23, 2024 7:46 AM

Bob Paddock on Unredacting Pixelated Text :

It has been found that True Random Noise is noticed by the human eye when added to photos. So Blue Noise was created:

“Gaussian Blue Noise”

https://dl.acm.org/doi/10.1145/3550454.3555519

“Blue noise for diffusion models SIGGRAPH (Conference Proceedings), 2024”:

‘https://xchhuang.github.io/bndm/

May 23, 2024 7:33 AM

Daniel Popescu on Personal AI Assistants and Privacy :

Hmm…:), and pun intended: I wonder if Mr. Schwarzenegger would have anything to say about this, as we all know how Scarlett Johansson’s voice was misused with ChatGPT.

May 23, 2024 6:51 AM

fib on Unredacting Pixelated Text :

Someone did some research for photos the police or media redacted and discovered that squinting your eyes would reveal an accurate enough impression of the face for the person to be recognisable.

Interesting! Who did it? This time you didn’t provide the super scientific youtube link…

May 23, 2024 5:09 AM

Hell by any other name on Detecting Malicious Trackers :

@madge

My comments are getting moderated so hopefully you will get to see this reply to your

“What I mean is that if you’re carrying an iPhone, it’s constantly scanning for tags—including the tags of other people—and sending the results to Apple. Even if you don’t own an AirTag, you’re unwittingly participating in its surveillance network.”

You have the technicalities slightly wrong. The tags are constantly broadcasting and all receivers designed for Bluetooth will pick them up...

May 23, 2024 3:13 AM

It ain’t what you do it’s… on Detecting Malicious Trackers :

@echo
@winter

A response to @winter’s comment

https://www.schneier.com/blog/archives/2024/05/detecting-malicious-trackers.html/#comment-437203

Correcting them about their notion of ‘rights striping’ and containing a link to the current news subject of the UK courts saying ‘unlawful’ to legislation pushed out by the UK Home Office minister has been put up several times already and removed by moderation...

May 23, 2024 2:50 AM

Hell by any other name on Detecting Malicious Trackers :

@Winter

You seem to be unable to distinguish between the legislators and the Police, Prosecutors, and Judiciary.

Look up “rights striping” it’s a technical term and it is very much designed to stop people accused being able to mount any kind of way to establish their innocence.

In the past it was usually done by taking defendants’ assets away from them in some way so they could not pay for representation. However for various reasons this was found to no longer work the way it was hoped to as those who thought ahead arranged to have assets invested abroad in such a way it was beyond the reach of the judges and courts...

May 23, 2024 12:04 AM

ResearcherZero on Friday Squid Blogging: Emotional Support Squid :

‘https://www.politico.com/news/2024/05/21/trump-classified-documents-bedroom-00159182

“strong evidence” that the former president “intended” to hide classified documents
https://edition.cnn.com/2024/05/21/politics/mar-a-lago-documents-walt-nauta-donald-trump/index.html

A cyber attack that took place against New Caledonia may originate from Russia.

‘https://www.lemonde.fr/en/pixels/article/2024/05/22/new-caledonia-cyberattack-denounced-by-authorities-is-not-quite-unprecedented_6672315_13.html...

May 22, 2024 10:03 PM

ResearcherZero on Friday Squid Blogging: Emotional Support Squid :

@Winter

I always wear my seat belt and get my shots. And I have been shot at more times than any member of the state or federal police, so it seems to be working successfully so far.

Things are a little less honest without Clive’s critical eye and constructive critique.
I did hope that if I did throw in something about electromagnetic waves, he might appear.

Everything seems duller and less informative without his expertise, wit and clever snark...

May 22, 2024 8:18 PM

Ardie on Detecting Malicious Trackers :

maybe apple should first explain how they justify turning every iphone into a location beacon, even when powered down

who’s ACTUALLY the stalker, given they operate a captive mesh network on that scale?

cimmarian gadzillas calling the kettle black. vultures; vampires really.

give me a hook switch dialer if I have to stomach this level of espionage with my quick oats. At least my babysitters are openly contemptful...

May 22, 2024 8:05 PM

ResearcherZero on Friday Squid Blogging: Emotional Support Squid :

@Anonymous

Ideally not weaponising space would seem like a very good idea. However no one seems willing to compromise at this point in time. Everything so far has been weaponised, including the deep blue sea. Weaponised dolphins, porpoises and beluga whales.

There is even an explosive squid drone that can be fired out of a cannon.
People are even wound up and weaponised against themselves. It happens all the time...

May 22, 2024 7:57 PM

echo on Detecting Malicious Trackers :

@winter

That’s the quote I was thinking of.

@All

https://www.libertyhumanrights.org.uk/issue/3-facts-that-expose-the-governments-bill-of-rights-as-a-rights-removal-bill/

The Government is trying to rip up our Human Rights Act, the law that protects us all from abuse of power.

Despite the Conservative Party manifesto saying it would “update” the HRA – which could have been bad enough in itself – it turns out the real plan is to get rid of it...

May 22, 2024 7:53 PM

ResearcherZero on Friday Squid Blogging: Emotional Support Squid :

@Anonymous

Used in space, to fry electronics without blowing the satellite into pieces. That would be the general idea. Other options, include shunting some so they burn up, or capture.

Blowing them up so that pieces continue to orbit the Earth would not be the ideal solution.
Microwave to fry circuits – or perhaps lasers that could push satellites would be safer.

The sun is a long way away. Disposing of satellites in the sun does not seem viable...

May 22, 2024 7:33 PM

Reversing the past on Unredacting Pixelated Text :

@lurker

There is a problem with

“If you don’t want stuff to be seen, remove it completely with a big sharp knife”

It’s proportional fonts that are all too common in documents these days.

Unlike monospaced, fixed-pitch, fixed-width, or non-proportional fonts, the characters are all different widths with lowercase ‘i’ usually being the most narrow and upper case ‘W’ the widest.

If you cut out a single word or a suspected phrase then an unredacting process can find out if the width matches the hole that’s been left with quite some probability...

May 22, 2024 2:55 PM

Roger Loeb on SS7 Vulnerabilities :

What a surprise. Nothing useful has been done about this severe vulnerability in 25 years! Makes very clear just how powerful the telecom monopoly is…

May 22, 2024 2:43 PM

lurker on Unredacting Pixelated Text :

Here we go again. There was shock, horror, when some people discovered that the “blacking out” function could be peeped under.

If you don’t want stuff to be seen, remove it completely with a big sharp knife, or better, don’t put it there in the first place.

May 22, 2024 2:28 PM

lurker on Detecting Malicious Trackers :

@Madge
“Apple decided to co-opt their users’ devices and batteries, because that saves the company money and effort.”

Some might say that in an altruistic society people might be willing to do that in order to help their neighbours find lost or stolen items. Some might say that Apple are making everyone complicit when stalkers use this function.

I say don’t use or possess devices with always on BLE. Reduce electronic smog...

May 22, 2024 1:22 PM

Winter on Detecting Malicious Trackers :

@

Actually what ‘strict liability’ is, is also called ‘rights striping’.

You seem to be unable to distinguish between the law as it is and your own wishes on how it should be.

Neither the police nor the courts are interested in your thoughts about what is just law and what is not.

May 22, 2024 1:19 PM

Winter on Detecting Malicious Trackers :

@echo

but there’s some quote about people who wish to dismantle all laws may wish to ask themselves whether they could survive in the world they create.

Quote from A man for all seasons

Roper: So now you’d give the Devil benefit of law?

More: Yes. What would you do? Cut a great road through the law to get after the Devil?

Roper: I’d cut down every law in England to do that!...

May 22, 2024 1:06 PM

Reversing the past on Unredacting Pixelated Text :

@ALL

This is not a new issue, just a new use.

Those who have been involved with communications and signal processing whilst not exactly eating this stuff for breakfast have been munching on it seriously since the end of the 1950’s and beginning of the 1960’s when solid state electronics became small enough and fast enough to make it practically useful in real time.

Most people get to hear two or three things about communications,...

May 22, 2024 12:47 PM

David in Toronto on IBM Sells Cybersecurity Group :

IBM had a number of interesting security products developed out of their Security labs in the 90’s and 00’s. Several of them had great potential but big Blue really didn’t understand them and parked some of them under the Tivoli brand where they sadly went nowhere.

May 22, 2024 12:40 PM

madge on Detecting Malicious Trackers :

@Hell by any other name,

There are three basic ways this can happen
The person is forgetful.
Another person has moved it.
Another person has stolen it.

The last two only work without “knowledge or consent” of the other person.

I believe you’ve misunderstood the point. I’m not talking about, nor do I care about, the consent of a thief to be tracked. What I mean is that if you’re carrying an iPhone, it’s constantly scanning for tags—including the tags of ...

May 22, 2024 12:28 PM

Peter on Unredacting Pixelated Text :

Just a matter of time until an ai model can read pixelated text just as well as captcha.

May 22, 2024 11:06 AM

Bob Paddock on Friday Squid Blogging: Emotional Support Squid :

The 7th annual “Directed Energy Symposium” is September 11-12, 2024 in
National Harbor, MD. The “AI For Defense Summit” is the same date and time, in DC.

The “DoD Energy & Power Summit” is July 31-Aug 1, 2024 in DC.

They have become more selective about openly publishing the agendas for the events.

May 22, 2024 10:43 AM

Morley on Unredacting Pixelated Text :

I tried a de-blurring tool a while back. It worked on my screenshot program’s blur feature. Gotta actually remove the data!

May 22, 2024 9:57 AM

Conan the deconvolutionarian on Unredacting Pixelated Text :

Being model based, the deconvolution is only hypothetical and is a fwiw opinion.

May 22, 2024 9:44 AM

Anonymous on David Kahn :

“It is impossible to foresee the consequences of being clever” –Christopher Strachey

May 22, 2024 9:38 AM

Anonymous on CAPTCHA :

“There’s been pushback from users who see a ReCAPTCHA saying ‘click on all images containing a helicopter’ and don’t want to help in military AI research. Google’s own staff protested at this research too and the military program was discontinued. But other users still object to working for Google for free.”

Anderson, Ross. Security Engineering: A Guide to Building Dependable Distributed Systems (p. 118). Wiley. Kindle Edition...

May 22, 2024 8:46 AM

Winter on Friday Squid Blogging: Emotional Support Squid :

@Anonymous

Directed-energy devices would probably be a part of any future system.

Mass carries more momentum per joule than photons. I think grenades/rockets still beat anything made up of photons.

PS: Are you trying to channel Clive?

May 22, 2024 8:35 AM

Winter on Detecting Malicious Trackers :

@echo

You may agree or not agree “strict liability” should apply.

We have people here too that claim they are not subject to the law as they declare themselves “sovereign” or something like that. They deregister from the national population registry and have their own “passport”.

They seem to be very angry that the law and courts do not care whether they accept it or not.

...

May 22, 2024 8:11 AM

echo on Unredacting Pixelated Text :

Someone did some research for photos the police or media redacted and discovered that squinting your eyes would reveal an accurate enough impression of the face for the person to be recognisable. Experiment suggested the best minimum block size for pixelisation of faces and I’ve heard of no reports of anyone making much sense of this although I suspect there might be cases where identification of a person might be made especially if it’s from CCTV...

May 22, 2024 7:38 AM

Anonymous on Friday Squid Blogging: Emotional Support Squid :

@ResearcherZero
@Winter
@ALL

Is it speculation

“Directed-energy devices would probably be a part of any future system.”

Or a foregone conclusion?

Thus a disaster to condemn mankind to an untimely demise?

A study of history shows technology can be used for good or bad and in some cases the identical usage is both.

Thus this was predictable from before the space-race ever started and if you check much longer before that as even the space-race was predicted...

May 22, 2024 7:34 AM

echo on Detecting Malicious Trackers :

@ALL

People need to understand the law and how it works and what offences attract “strict liability” and go from there. I actually got it slightly wrong myself. It’s not my area of interest and I goofed it.

“Strict liability” offences hold responsible parties accountable for their actions, even if they did not intend for harm to result or were not negligent in their actions. So strict liability could still apply and isn’t a wholly unreasonable consideration. You may agree or not agree “strict liability” should apply. It’s a thing and exists all over the place with nobody screaming about it. Disagreeing with the existence of “strict liability” is not an excuse to bulldoze through laissez-faire regulation which doesn’t properly consider public safety. I personally think “strict liability” should apply and screaming OMG authoritarian spiteful dictatorship is going overboard...

May 22, 2024 7:33 AM

Winter on Unredacting Pixelated Text :

I assume that pixelation is chosen to give an impression of a text. That is, the fact that it is a string of characters with a given length.

So, the prudent way to do it is to first generate a random character string of the same length and then pixelate that string.

Or just replace it with Lorem ipsum.

Btw, the same approach might be successful with badly pixelated faces in video.

Depixelation seems to be a well studied art in Japanese Adult Video. Occasionally, I hear about people getting arrested for it...

May 22, 2024 6:15 AM

Hell by any other name on Detecting Malicious Trackers :

@Madge

“As I understand it, these tracking devices only work by enlisting the public without knowledge or consent.”

Correct, they have to if one of the primary design requirements is to be carried out.

The design is to track/locate tagged items that a person has lost in some way. There are three basic ways this can happen

  1. The person is forgetful.
  2. Another person has moved it.
  3. Another person has stolen it...

May 22, 2024 5:57 AM

Winter on Friday Squid Blogging: Emotional Support Squid :

@ResearcherZero

despite claims that such cooperation is in pursuit of ‘peaceful goals’.

Note that cemeteries are very peaceful places.

Kant remarked that In Eternal Peace was the name of an inn next to a cemetery. That seems to be the kind of peace they go for.

May 22, 2024 2:12 AM

ResearcherZero on Friday Squid Blogging: Emotional Support Squid :

China has also “built a range of counterspace weapons, from reversible jamming all the way up to kinetic hit-to-kill direct-ascent and co-orbital ASATs,” Whiting said.

‘https://www.space.com/china-space-progress-breathtaking-speed-space-force

In 2018, Russia and China agreed on the joint application of GLONASS/Beidou.

Strategic collaboration between the two states in a contested, future-oriented domain like satellite technology could have serious implications for Ukraine, despite claims that such cooperation is in pursuit of ‘peaceful goals’...

May 22, 2024 2:09 AM

lurker on Friday Squid Blogging: Emotional Support Squid :

Die weltt die will betrogen syn.
[The world wants to be deceived, so let it be deceived.]

attr. Sebastian Brant, Das Narrenschiff 1494 [The Ship of Fools]

500 years headstart on social media.

May 22, 2024 1:58 AM

ResearcherZero on Friday Squid Blogging: Emotional Support Squid :

@May your book bring defimation

Re: Is such idiocy really the way to run a country?

No.

Clown cars generally belong in the circus. More a space for inconsistent, unreliable or unforeseen results. That does not seem like the appropriate arena for good policy outcomes.

“Policy makers now have more facts and theories at their disposal while the unintended consequences of policy are a widely recognized problem.”...

May 22, 2024 12:56 AM

Winter on Detecting Malicious Trackers :

If I am walking with a friend, will it alert if they have a Bluetooth tracking device in their pocket?

Why would that be a problem? Does it even count as a false alarm?

Everybody should be informed about the presence of trackers. These trackers use the phones of everybody around. These people should know that their devices are used.

May 22, 2024 12:07 AM

Hell by any other name on Detecting Malicious Trackers :

@Unavailable for Pairing
@ALL

To answer your question,

“We didn’t need bluetooth when it got here. Has it ever been secure? Other people have written, “No, bluetooth has never been secure”.

The answer is effectively ‘NO’ it never has been from the get go.

Because it was never intended to be secure to start with and never in the way we would think of secure today.

The security we both want and need today requires ‘High Computational Load’ which means three things,...

May 21, 2024 11:56 PM

Hedo on Detecting Malicious Trackers :

@echo

“Make possession or seeking to possess or sell a non-compliant tracker without a permit (typically restricted to security services and law enforcement) a strict-liability offence just to be sure, and put them on an import-export watch list.

Problem solved…”

CBP seized the shipment of 15K of FlipperZero Devices coming into the US. Then they released them… I think it’s because some smart guy @ CBP/HS/FBI/NSA….. told them that a lot of the high-school kids play around with nearly identical LEGAL devices with LimeSDR/rPi/bakeyourownPi BOARDS in them, to practice building many cool gadgets, drones…and a million other devices with legal and practical uses. To program these boards to do great many things, useful/noble as well as sinister – as they say “Sky’s the Limit.” So why ban something that’s already in use, all over the place, in legal applications? I mean, one could try it, but “you can’t stop the progress.”...

May 21, 2024 10:24 PM

Marko on Detecting Malicious Trackers :

@echo

If a tracker is obtained for the purpose of or used to facilitate some crimes that would unquestionably be a strict liability offence

If the defendant’s purpose is an element of the crime, it’s not strict liability. Look up “mens rea” for further reading.

Make possession or seeking to possess or sell a non-compliant tracker without a permit (typically restricted to security services and law enforcement) a strict-liability offence just to be sure, and put them on an import-export watch list...

May 21, 2024 8:12 PM

Unavailable for Pairing on Detecting Malicious Trackers :

It seems more practical to OUTLAW BLUETOOTH, in my opinion and advise opt-in participants to forcefully and voluntarily remove all bluetooth hardware (when possible) and purge away the drivers and isolated libraries.

We didn’t need bluetooth when it got here.
Has it ever been secure? Other people have written, “No, bluetooth has never been secure”.

Wow.
It’s not much, but at least it’s a start...

May 21, 2024 6:22 PM

lastoftheV8s on Friday Squid Blogging: Emotional Support Squid :

@echo ? i must admit i sometimes just cant decipher the tea leaves i apologize if i have caused you any discomfort here today from my reply to you earlier! certainly never my intention.☮☮

May 21, 2024 6:22 PM

echo on Detecting Malicious Trackers :

@Peter

I’m sorry your friend suffered a miscarriage of justice. These things can and do happen anywhere in the world and must be stamped on when they occur.

I’ll leave strict liability open for discussion. If a tracker is obtained for the purpose of or used to facilitate some crimes that would unquestionably be a strict liability offence so it’s not entirely off the table. At the very least someone might have a lot of explaining to do if they were caught with one especially one not compliant with regulation or used strictly for permitted purposes. This would be for the lawyers and civil liberties people to discuss during framing of any law...

May 21, 2024 4:28 PM

echo on Detecting Malicious Trackers :

So is this another burden on the LEAs? To carry a BTLE sniffer and sort out legal from illegal tags?

Taobao and Alibaba will have heaps of devices that comply, do not comply, and pretend to comply if examined by import control officials.

I suggest people do some light research on strict liability offences involving kidnap, harassment and stalking, and sexual abuse and which land on international import-export watch lists. They are not the kind of offences which make friends. You will be divorced. You will lose your business. You will go to jail. Your time in jail will be… uncomfortable. You will be marked for life. You may even acquire an ankle tag and have your movements restricted. Holidays abroad and internet access get super special attention from authorities...

May 21, 2024 3:19 PM

lastoftheV8s on Friday Squid Blogging: Emotional Support Squid :

Shout out to @echo for gifting me especially “that will become clear in a sec” the community a damn good chuckle ( no really its a ripper) i was reading your post re: ‘turtle tanks’ etc, yes i was aware of the turtle thingy but but wait what the hell are these cope cages? and what! the bloody hell is emotional support Armour? im thinking @echoes done his homework here righto! chaps i say my best Aussie slang masquerading as my finest Englishmen stiff upper lip type ripp off voice but we’re here for a laugh and this better be good @echo im thinking so into the breach we go and what a surprise ol mate @Perun is a bloody Aussie! this @echo bloke obviously knows more about me than i do and as an Aussie @Perun takes the absolute piss (as we say down here) out of himself thats code for “yeah nah were going full self deprecating mode here and by god he’s nailed it, so im still on old mate @Peruns youtube vid ill get to the other in good time and he’s a gamer me too 4extra credits there ! and speaking of us Aussies ‘taking the piss out of ones self etc,etc, and the whole self Annihilation of ones character all in the name of having a good ol belly laugh and hey you only live once right and life’s too short for too much idk “mind snapping serious effery aint it ? so i gave myself the handle years ago when firing up battlefield 3/4 “haveibeenpwned” love getting extra attention in game cos theres always that player who gets the better of me and has just gotta remind me ‘yes you “havebeenpwned” pal!...

May 21, 2024 2:33 PM

Bcs on Detecting Malicious Trackers :

How will the system differentiate between someone illegitimately tracking someone or legitimately tracking something that a person has with them?

Tracking stolen property is the obvious case, but what about wanting to track packages in transit or checked baggage if the carrier isn’t happy with people having a better idea of where their own property is than the people it was entrusted to do?

May 21, 2024 2:10 PM

ben senise on Detecting Malicious Trackers :

as i understand it, a tracker that is near its owner’s phone will not be considered to be tracking you.
it’s only when the tracker is near you and is not communicating with its owner will you be notified.
this is described as “near owner mode” and “separated mode” in the paper bruce linked.
If a tracker uses either apple or google “find my” networks, then the features should work since they are server side, not on the phones or tags themselves. tags like the tile ones that don’t use either network and instead rely upon a network of people who have installed the tile app are most likely not affected by this newly implemented security feature...

May 21, 2024 2:09 PM

vas pup on Detecting Malicious Trackers :

Israel’s CyberArk inks deal to buy US cybersecurity firm for $1.54 billion
https://www.timesofisrael.com/israels-cyberark-inks-deal-to-buy-us-cybersecurity-firm-for-1-54-billion/

“Israel’s CyberArk has inked an agreement to snap up US cybersecurity firm Venafi in a cash and share deal worth $1.54 billion.

CyberArk specializes in identity security and in protecting privileged accounts on corporate servers against external attackers and malicious insiders. ...

May 21, 2024 1:29 PM

Mexaly on Detecting Malicious Trackers :

My own AirPods stalked me for several months. Resets didn’t help. Eventually it quieted down.

May 21, 2024 1:24 PM

Anonymous on Friday Squid Blogging: Emotional Support Squid :

on iOS 17.5

you might have to Reset Face ID from Settings Face ID & passcode
To test it, just let a friend make a call from your iPhone after you’ve locked it.

May 21, 2024 1:18 PM

lurker on Detecting Malicious Trackers :

@echo, @ALL

So is this another burden on the LEAs? To carry a BTLE sniffer and sort out legal from illegal tags?

Taobao and Alibaba will have heaps of devices that comply, do not comply, and pretend to comply if examined by import control officials.

May 21, 2024 12:23 PM

Morley on Detecting Malicious Trackers :

Why would tag makers have to implement anything? Seems like an on-phone feature. Stalkers will buy ones without it implemented.

May 21, 2024 11:52 AM

madge on Detecting Malicious Trackers :

@Daniel Popescu,

Until something similar gets published by ISO and adopted by most national standardisation entities and then transformed into laws, and then those laws applied, it usually takes about 10 years.

Or the privacy regulators could get off their asses and be proactive for once, and notice that these tracking networks probably violate existing laws including the GDPR. Few people meaningfully consented to collect and share data about their surrounding RF-space with Apple...

May 21, 2024 11:31 AM

Daniel Popescu on Detecting Malicious Trackers :

Although this seems to be a commendable initiative from these two tech giants, it won’t work simply because they are not standardisation bodies, national or international. Until something similar gets published by ISO and adopted by most national standardisation entities and then transformed into laws, and then those laws applied, it usually takes about 10 years. So no, this is just a not so clever business decision fueled by, you guessed it above, profit...

May 21, 2024 11:02 AM

madge on Detecting Malicious Trackers :

@Hell by any other name,

It will only work with some tags that comply with an unenforceable standard.

It creates a ‘premium market’ for tags that do not comply with the standard.

As I understand it, these tracking devices only work by enlisting the public without knowledge or consent. Apple phones scan for Apple tags, Samsung phones scan for Samsung tags, but who’s gonna be scanning for these third-party non-compliant tags? Without stooges, the system doesn’t seem workable. Unless maybe the third-party manufacturers can integrate with the existing networks, but I’m not sure the standards are sufficiently open for that; Tile tags can apparently only be located when near someone who’s voluntarily installed the Tile app, which puts them at a significant disadvantage...

May 21, 2024 9:56 AM

echo on Detecting Malicious Trackers :

Trackers are generally not user serviceable. They can be obsoleted. Any non-compliant tracker only has criminal purpose. It’s no different from a grenade being sold in Fisher-Price colours. It still has only one purpose. Treat accordingly.

When people begin getting slapped with attempted kidnap, harassing and stalking women, or sex offending charges they’ll soon stop using them. Make possession or seeking to possess or sell a non-compliant tracker without a permit (typically restricted to security services and law enforcement) a strict-liability offence just to be sure, and put them on an import-export watch list...

May 21, 2024 9:52 AM

dr2chase on Detecting Malicious Trackers :

It seems like it would make these tags somewhat useless for theft-tracking purposes. Each of my bicycles has a Tile stashed on it, if the bike vanishes, I am curious where it went. Bike theft is depressingly common; just last night I watched a review of a “takes 3 grinder blades” bike lock.

I have no idea how to reconcile tracking and stalking prevention; what works for one is bad for the other, no matter what technology is used...

May 21, 2024 9:07 AM

Hell by any other name on Detecting Malicious Trackers :

@ALL

It’s not going to work for a couple of reasons as can be seen with

“Several Bluetooth tag companies have committed to making their future products compatible with the new standard”

Flip that over and you will see,

  1. It will only work with some tags that comply with an unenforceable standard.
  2. It creates a ‘premium market’ for tags that do not comply with the standard.

If I was designing a non-compliant tag I would ‘play the standard’ against itself...

May 21, 2024 8:49 AM

Geordie W Korper on Detecting Malicious Trackers :

Spurious notification avoidance is a large part of the linked-to spec. This specific section is probably the most relevant:

3.8. Near-owner bit

It is important to prevent unwanted tracking alerts from occurring
when the owner of the accessory is in physical proximity of the
accessory, i.e., it is in near-owner mode. In order to allow
suppression of unwanted tracking alerts for an accessory advertising...

May 21, 2024 8:23 AM

fib on Friday Squid Blogging: Emotional Support Squid :

The iPhone turns 17 this year. The launch of the touchscreen-controlled device
signaled a moment that has defined our expectations of smartphones ever since.

A disgraceful milestone. My expectation for smartphones is nothing but the end of civilization. Almost all political radicalism poisoning the Western societies can be mapped to those infamous micro glass-and-plastic monoliths.

May Steve Jobs’ stomach roast in hell...

May 21, 2024 8:13 AM

Peter on Detecting Malicious Trackers :

Curious if there is a magic ID to exclude it from reporting LEO ones to create a false sense of security.

May 21, 2024 8:12 AM

Ed on Detecting Malicious Trackers :

Been playing around with an app called AirGuard. I have it installed on my GrapheneOS device. Supposed to only alert if device found in several locations. When it alerts you can manually scan for it and trigger it.

And yes false alarms are possible like in public transport.

May 21, 2024 7:46 AM

noname on Friday Squid Blogging: Emotional Support Squid :

The number of students studying computer and information science has risen from 444,000 to 628,000 in the last five years in the US. That’s a 40% increase.

It’s the fourth most popular major and the fastest growing of the top 20 majors.

But right now the job market isn’t as elastic as the supply. Many students are having to scramble and branch out where they look for work.

Whether this slows the computer science pipeline is left to be seen...

May 21, 2024 7:25 AM

Uaf on Detecting Malicious Trackers :

Might get annoying on a bus or train. I wonder if there may be a spike in distracted driving related crashes in periods of congestion. Hopefully what is good for security does not become bad for road trauma.
