Skip to content

Selling Surveillance as Convenience

Technology
13 10 0
  • Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

    As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.

    Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.

    This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.

    The more we accept this normalized surveillance, the harder it becomes to fight back. It is critical that we firmly and loudly object to this banalized invasion of our privacy.

    There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.

  • Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

    As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.

    Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.

    This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.

    The more we accept this normalized surveillance, the harder it becomes to fight back. It is critical that we firmly and loudly object to this banalized invasion of our privacy.

    There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.

    Bluetooth everything that requires location permissions.

    Why u need my precise location to turn on a lightbulb?

  • Bluetooth everything that requires location permissions.

    Why u need my precise location to turn on a lightbulb?

    I'm not sure how many people know this but there is good reason why (at least on android) giving Bluetooth permissions also requires location permissions.

    The basic concept is that given enough Bluetooth data an app can pinpoint your location accurately anyways. So the android devs decided that they would just require any app that wanted Bluetooth data would also need to require access to location. That way users would be indirectly informed of the dangers.

    Why not just a pop-up to inform of the danger? Probably because most users will click past that warning and not read it.

  • Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

    As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.

    Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.

    This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.

    The more we accept this normalized surveillance, the harder it becomes to fight back. It is critical that we firmly and loudly object to this banalized invasion of our privacy.

    There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.

    Important.

    But news it is not, this has been the case ever since smartphones became a thing and probably before that too.

    Surveillance & convenience have been packaged together right from the start. It's the best way to get people to agree. Whoever designs these things created a false correlation between the two: you cannot have convenience without also having your data mined. Every schmuck who claims "I don't care, I have nothing to hide" has swallowed this. Because if there was no advantage to being mined, they'd say "Why should I agree to that, I'm not stupid" instead.

  • I'm not sure how many people know this but there is good reason why (at least on android) giving Bluetooth permissions also requires location permissions.

    The basic concept is that given enough Bluetooth data an app can pinpoint your location accurately anyways. So the android devs decided that they would just require any app that wanted Bluetooth data would also need to require access to location. That way users would be indirectly informed of the dangers.

    Why not just a pop-up to inform of the danger? Probably because most users will click past that warning and not read it.

    that really depends on the location. not everyone lives in big cities. is there a way today to give access to bluetooth without giving access to GPS?

  • that really depends on the location. not everyone lives in big cities. is there a way today to give access to bluetooth without giving access to GPS?

    Every Bluetooth device has a unique identifier. Any phone that has seen that Bluetooth device in the past could have told google/apple/whoever "hey BTW this device is at those coordinates".

    Google already uses this with WiFi to help "bootstrap" GPS localization. It is much faster to get a GPS fix if you already know roughly where you are (a few seconds vs a couple minutes), so they use nearby WiFi/Bluetooth devices to determine that. Remember 10-15 years ago when getting a GPS fix took forever? GPS didn't change, this did.
    Apple went further and does this with Airtags now. Every Bluetooth device that ever went near an iPhone is in Apple's database with GPS coordinates.

    So unless you live alone in a mountain cabin that has never been visited by someone with a smartphone before and you didn't disable the "enhanced localization" feature on your phone, yes your Bluetooth is at risk of giving up your location.

  • Every Bluetooth device has a unique identifier. Any phone that has seen that Bluetooth device in the past could have told google/apple/whoever "hey BTW this device is at those coordinates".

    Google already uses this with WiFi to help "bootstrap" GPS localization. It is much faster to get a GPS fix if you already know roughly where you are (a few seconds vs a couple minutes), so they use nearby WiFi/Bluetooth devices to determine that. Remember 10-15 years ago when getting a GPS fix took forever? GPS didn't change, this did.
    Apple went further and does this with Airtags now. Every Bluetooth device that ever went near an iPhone is in Apple's database with GPS coordinates.

    So unless you live alone in a mountain cabin that has never been visited by someone with a smartphone before and you didn't disable the "enhanced localization" feature on your phone, yes your Bluetooth is at risk of giving up your location.

    bluetooth is short range isn't it? so while this is a problem, it is not the exact same thing. network based location is not a replacement for GPS.

    Google already uses this with WiFi to help "bootstrap" GPS localization. It is much faster to get a GPS fix if you already know roughly where you are (a few seconds vs a couple minutes), so they use nearby WiFi/Bluetooth devices to determine that.

    I think you mean A-GPS, which is not related to wifi and bluetooth, other thqn being able to use wifi to access a server for downloading current constellation data. phones that have google mobile services installed, have an additional fused location source (besides a network based and a gps based location source) that tries to fuse the 2 sources while the gps signal is not precise enough. but as I know fused location computation happens locally

  • Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

    As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.

    Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.

    This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.

    The more we accept this normalized surveillance, the harder it becomes to fight back. It is critical that we firmly and loudly object to this banalized invasion of our privacy.

    There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.

    I have very little faith that this ship will be turned around. It's not even the explicit invasions of privacy from facial recognition that are the most damning. Its the hordes of people willingly providing their data through social media. Our culture has embraced the erosion of privacy and autonomy with such enthusiasm it almost feels engineered. In fact, it very well might be. When we let money dictate the stories we tell and who tells them, it shouldn't come as a surprise that culture becomes yet another tool to entrench the inequality we live in.

  • I have very little faith that this ship will be turned around. It's not even the explicit invasions of privacy from facial recognition that are the most damning. Its the hordes of people willingly providing their data through social media. Our culture has embraced the erosion of privacy and autonomy with such enthusiasm it almost feels engineered. In fact, it very well might be. When we let money dictate the stories we tell and who tells them, it shouldn't come as a surprise that culture becomes yet another tool to entrench the inequality we live in.

    The problem is the next generation is being brought up to accept this as normal.

    One day, there won't be anyone alive who remembers a time without surveillance.

  • I'm not sure how many people know this but there is good reason why (at least on android) giving Bluetooth permissions also requires location permissions.

    The basic concept is that given enough Bluetooth data an app can pinpoint your location accurately anyways. So the android devs decided that they would just require any app that wanted Bluetooth data would also need to require access to location. That way users would be indirectly informed of the dangers.

    Why not just a pop-up to inform of the danger? Probably because most users will click past that warning and not read it.

    That's just classic google/android retardation at play.

    Literally making the bad guys' jobs easier by taking away control from the user.

  • bluetooth is short range isn't it? so while this is a problem, it is not the exact same thing. network based location is not a replacement for GPS.

    Google already uses this with WiFi to help "bootstrap" GPS localization. It is much faster to get a GPS fix if you already know roughly where you are (a few seconds vs a couple minutes), so they use nearby WiFi/Bluetooth devices to determine that.

    I think you mean A-GPS, which is not related to wifi and bluetooth, other thqn being able to use wifi to access a server for downloading current constellation data. phones that have google mobile services installed, have an additional fused location source (besides a network based and a gps based location source) that tries to fuse the 2 sources while the gps signal is not precise enough. but as I know fused location computation happens locally

    This is separate from A-GPS. Google seems to be using WiFi rather than Bluetooth, but the broader point remains the same. No one is stopping any vendor from crowdsourcing the location of every BT device... which is what Apple has done, for Airtags which don't have the battery capacity to run a GPS chip.

    Sure without GPS it wouldn't be very effective to rely on only nearby devices to guess the current location. But an attacker only has to get lucky once to get your home address. So the only safe approach is to hide nearby devices/networks from unauthorized apps.

  • I have very little faith that this ship will be turned around. It's not even the explicit invasions of privacy from facial recognition that are the most damning. Its the hordes of people willingly providing their data through social media. Our culture has embraced the erosion of privacy and autonomy with such enthusiasm it almost feels engineered. In fact, it very well might be. When we let money dictate the stories we tell and who tells them, it shouldn't come as a surprise that culture becomes yet another tool to entrench the inequality we live in.

    Yeah, I could they trust a for profit corporation to help them connect with others by sharing about their lifes.

    What stupid fools, the only thing that should be given to corporation is the pointy end of a 105mm round and you should share the details of you personal life with nobody you don't have a blood relation with.

  • Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

    As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.

    Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.

    This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.

    The more we accept this normalized surveillance, the harder it becomes to fight back. It is critical that we firmly and loudly object to this banalized invasion of our privacy.

    There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.

    Trying to get my peers to care about their own privacy is exhausting. I wish their choices don't effect me, but like this article states.. They do in the long run.

    I will remain stubborn and only compromise rather than give in.

  • The Arc Browser Is Dead

    Technology technology
    51
    153 Stimmen
    51 Beiträge
    0 Aufrufe
    D
    Also Zen exists, which is a Firefox fork that implements the concept of Arc
  • Where are all the data centres and why should you care?

    Technology technology
    5
    1
    62 Stimmen
    5 Beiträge
    0 Aufrufe
    A
    Ai says Virginia is home to the largest data center market in the world, with over 576 data centers, primarily located in Northern Virginia,
  • 8 Stimmen
    4 Beiträge
    2 Aufrufe
    S
    %100 inherited and old lonely boomers. You'd be surprised how often the courts will not allow POA or Conservatorship to be appointed to the family after they get scammed. I have first hand experience with this and also have a friend as well.
  • Forced E-Waste PCs And The Case Of Windows 11’s Trusted Platform

    Technology technology
    116
    1
    317 Stimmen
    116 Beiträge
    2 Aufrufe
    K
    I was pretty lucky in university as most of my profs were either using cross platform stuff or Linux exclusive software. I had a single class that wanted me using windows stuff and I just dropped that one. Awesome that you're getting back into it, it's definitely the best it's ever been (and you're right that Steam cracked the code). It sounds like you probably know what you're doing if you're running Linux VMs and stuff, but feel free to shoot me a PM if you run into any questions or issues I might be able to point you in the right direction for.
  • 77 Stimmen
    5 Beiträge
    0 Aufrufe
    U
    I don't see Yarvin on here... this needs expansion.
  • 62 Stimmen
    6 Beiträge
    3 Aufrufe
    W
    What could possibly go wrong? Edit: reads like the substrate still needs to be introduced first
  • 1 Stimmen
    8 Beiträge
    3 Aufrufe
    L
    I think the principle could be applied to scan outside of the machine. It is making requests to 127.0.0.1:{port} - effectively using your computer as a "server" in a sort of reverse-SSRF attack. There's no reason it can't make requests to 10.10.10.1:{port} as well. Of course you'd need to guess the netmask of the network address range first, but this isn't that hard. In fact, if you consider that at least as far as the desktop site goes, most people will be browsing the web behind a standard consumer router left on defaults where it will be the first device in the DHCP range (e.g. 192.168.0.1 or 10.10.10.1), which tends to have a web UI on the LAN interface (port 8080, 80 or 443), then you'd only realistically need to scan a few addresses to determine the network address range. If you want to keep noise even lower, using just 192.168.0.1:80 and 192.168.1.1:80 I'd wager would cover 99% of consumer routers. From there you could assume that it's a /24 netmask and scan IPs to your heart's content. You could do top 10 most common ports type scans and go in-depth on anything you get a result on. I haven't tested this, but I don't see why it wouldn't work, when I was testing 13ft.io - a self-hosted 12ft.io paywall remover, an SSRF flaw like this absolutely let you perform any network request to any LAN address in range.
  • 88 Stimmen
    4 Beiträge
    2 Aufrufe
    C
    Won't someone think of the shareholders?!