Mobile phones are watching you, sir!

Mobile phones are watching you, and taking your Personal Information Sir!

Let me Begin with a simple quote by Kurt Cobain founder of Nirvana group which is

If you are paranoid, it does not mean that no one is watching you..

Govt. and Secret Agency are using numerous ways to spy on you and your gathering your personal information so that  whenever needed then can use those information against you below are some ways that any Govt. or Secret Agency can spying on you,

  1. Positioning
  2. Wiretapping 
  3. Skyhook
  4. Google Glasses
  5. Google Account
  6. Your Personal Browsers and many more..

 1.  Positioning

Approximate determination of the location of the included cell phone. Given that the phone does not in itself levitate, but lies in a pocket, then the location of the person using it is known. Two basic techniques are used to gather your Personal Information: using positioning relative to base stations and using GPS built into the phone (if it is, and it is in the vast majority of smartphones). The error in the case of the first method in GSM networks is about 100 meters (by distance from the tower), and taking into account the unpredictable urban development – even more. Generally speaking, the positioning capability in GSM networks is provided by time-bandwidth division technology.and is a side effect.

The position of the phone is defined as the distance from the base station and the direction of the sector antenna with which it is currently working. What gives the possible position of the subscriber in the form of a stripped-down sector with a side of a hundred or two meters. On this principle, the “child under supervision” of the MTS works, distressing schoolchildren, strolling couples . The service from MTS, drag, should exclude the positioning of the person who did not give consent, but if you have a good friend in some kind of opsox , he will be able to hover on the dude who keeps your stolen and activated mobile phone.

The second method (GPS) gives accuracy from 5 to 50 meters, which is already pretty good. You can always check how your placement corresponds to reality by going from a smartphone to Google Maps (the author most often has an error of 15 meters).

2. Wiretapping

You should decide whose wiretap you’re afraid of. If the competent services , the concerns are justified ( SORM ). According to quite reliable data, the guys from the FSB have an agreement with mobile operators and can listen to any number and take any Personal Information of yours. But if you are afraid of cool hackers with self-made devices for intercepting and decoding the signal in the GSM network on the fly, then you can calm down – at the moment there is no full-fledged working prototype. But work is underway , more here .

It should be said that in the article below we are talking about phones on pre-installed Android, which differs from the open original by the presence of pre-installed adware and spyware. Often on good popular models there is an opportunity to install CyanogenMod or another firmware without built-in spies, including the one assembled by itself. True, Chinese manufacturers, it happens, do not want to share the source code, and it is difficult to get closed binary drivers from most, in general, all manufacturers (with the exception of Samsung, Google, Sony Ericsson and anyone else who has them in the public domain). Although some manufacturers produce and Android phones with “clean” firmware like CyanogenMod, but this is a rarity and the price is about 4 times higher.

Until now, it was about ordinary phones. And now you should go to the most interesting – Android , iPhone and others like them. In general, mobile phones have radically changed the rules of the game – and Google and Apple perfectly understand this. Whoever controls the mobile market will control the future. The smarter the phone, the more useful and convenient features it has, the more data it sends to you to the manufacturer. And not only about you – the task of smart phones to index and send to the server the maximum possible amount of data about the world. Here are just some of the examples.

3.  Skyhook  is a database of over 100 million wi-fi points worldwide with their geographic coordinates. Accurate to 20 meters, by the way. And it is replenished as follows – if you want to go from the phone via wi-fi to Google Maps, then your phone scans, finds out the ssid and mac-address not only of the point you connect to, but also of all nearby ones – partner of the Empire of Good. What for? The fact is that having a database of 70% of wi-fi points in the USA and Canada, as well as points in all major cities of the world, it is more convenient for advertisers (Google) to track and give you targeted advertising based on your location. At least for now – for this.

4.  Google glasses – Beautiful, breakthrough technology search by photo. You can take a picture of the landmark through the phone and immediately find out all the information about it from Google. And you can google brand information by taking a picture of its logo. Yes, a lot of what you can do! Only it is necessary to understand that if before this, Google had only “ears” through which he read the requests you typed for him, then now there are “eyes”. And given the ubiquitous binding of GPS, Google knows where you are, what you look at and what you want to know about it. And, most likely,

Google glasses will find application not only in mobile phones, but the functionality itself will seriously expand and integrate so conveniently with the rest of Google services that it will be just silly not to use it. After all, it’s great to look at any subject and immediately find out all the available information about it, look around on the street and see the names of people passing by, rates in the nearest cafe and stuff. That’s where it startsthe most fun .

5.  Google account  – Synchronization of Android, which, however, is configured by the user, occurs in a very curious way – all your data from the phone is synchronized with the Google account and stored on the server. Thus, Google knows your calendar (including female menstrual), your contacts, your calls, your list of things, your mobile number … everything you did with your phone. By the way, they say that Android phones make regular screenshots of the screen and subsequently send them to Google’s servers – if there are Android owners with access to root, check and unsubscribe here.

But do not think that Google – the only one who is engaged in such things. He just often is a trendsetter in violation of user privacy that others pick up. The same Apple does the same thing, only sometimes it charges money for it (for example, for a cloud-based data exchange service between any MobileMe mac devices ). And, of course, that Google, that Apple, thanks to the ability to buy applications for the phone, knows your credit card number.

In general, Android phones are phenomenal, they fully meet the expectations of the phone. If the Apple phone  is a racial Fascist phone (nya!), Which allows you to do only what you allow Further Steve Jobs (if you don’t jailbreak, of course), Google’s phone, if you have a Google Account, gently tells you: “do what you want, but please tell me everything, everything, okay?”. And this ingratiating whisper is very difficult to refuse … But just think – is it worth sharing with a transnational corporation, whose mission is to “organize world information and make it publicly available and useful” for most aspects of your life. Yes, and Apple would have been know less about their hamsters.

How to resist all this? Buy yourself a mobile, which is just a phone, not a small computer. For the rest, it is better to use a laptop. It’s not necessary to switch from a smartphone to an antediluvian phone, everything has its limits, even your paranoia. In general, the removal of all Google services and applications with the installation of third-party firmware changes things..

What to do?

If you really want to use a smartphone or tablet, then there is a way out: immediately after buying an Android device, install CyanogenMod, AOKP firmware or, at worst, AOSP, take all Google services to Google, including Google Play. full wipe of data, system and cache folders, if the user himself did not want to download GApps for himself), and instead put the F-Droid, which will carefully warn you what programs can cause minimal information leakage. By the way, a large proportion of F-Droid are programs specifically for paranoids. It is also highly recommended to use a firewall configured to use the white list. Installing MIUI will not lead to complete protection from surveillance, as it has proprietary modules from the Chinese.

And Finally here comes your browsers!

If you have somewhere written something, then your IP is probably there. To trace a person is quite real, a chore, but if necessary – real.`

Once upon a time, cookies were invented for this task. But, unfortunately, cookies are only the most innocuous thing that a user has to deal with who wants to preserve anonymity on the Internet.

Add-ons in the browser  – More recently, advertisers and ZOG agents have begun to brazenly buy add-ons (extensions) to browsers from their authors and embed statistics collection there. This is not contrary to the policies of the manufacturers of browsers, on the add-on page honestly appears a message with a list of collected. Prior to this, everything was limited to the unauthorized installation of Yandex / Yahu / Google / Bing.Bar’ami (from all search engines and services), who tried to somehow wind the counter of visits to their sites and were installed along with “free” ) programs. But they are so podzabal users that now climbs a window where the unauthorized installation of such additions must be confirmed (at least in popular browsers). I must say that buying has not yet become widespread, most often those who will collect statistics make the addition.

An example is the numerous AdBlock Plus clones (the name is such and no other, and the source adblockplus.org and no other), which use its subscriptions, but at the same time collect statistics and sell it to advertisers. Any open source add-ons can legally copy and promote under a different brand with a full collection of all the addresses you have visited.

Interestingly, in the Chrome add-ons store, some of the clones even had the same names as the original. Recently, apparently, a ban has been introduced on the complete coincidence of names, and now various tricks are used, such as partial coincidence of spelling of names or similar icons. One of the first messages about buying

The most famous cases of buying: Wips.com sro , BrowserProtect , Ppclick And Lurkmore too.

  • IP-address – Every computer on the Internet has an external ip-address, which, on the whole, is obvious. And at first glance, identifying a particular user with its help is very difficult … First, there are dynamic IP addresses issued by a provider to a user from a certain range of addresses at random with each new connection. And secondly, there are networks where a lot of computers sit on the same external ip. Suppose that you still have a static white ip and going too far in paranoia. In this case, immediately put Tor [1] or join the ranks of I2P. But difficulties with identification exist only at first glance. If you take a closer look, you can understand that even with the help of a dynamic IP address you can determine the country and provider of the user (and split it with respect, curated by ZOG). Well, it narrows the search range. If this confuses you, then there is an add-on for falsifying your ip server logs without Tor’s help in Firenel , forcing the server to believe that your true external IP address is just a proxy behind which the “real” ip in settings).

 

  • Cookies (HTTP cookies) Perhaps the most well-known public identification method on the Internet. It works as follows. When the user makes his first http request to the site (the site name is not without reason put http://), it receives cookies from the site – data fragments that the browser stores as a file (for the donkey, the rest use more advanced storage methods). This data is a kind of identification of the user on this site and is valid until the expiration date. As the name implies, the expiration date tells the browser when to delete the received cookies. As soon as the storage period is over, the cookies are deleted. If the date is not spelled out – cookies live until the end of the session (for example, closing the browser). And, of course, they can be removed at the request of the user (that is, pens). The most interesting example in terms of cookies is, of course, Google. The Empire of Good generates cookies right up to 2020 and sincerely hopes with their help to track user requests and transitions from site to site. The attentive reader in this place will wonder – but how can Google follow me when I turn from one page to another? Calm – on Lurk Google does not track your throwing with the help of cookies – here he has other methods, which will be mentioned below. But surveillance generally takes place – with the help of so-called third-party cookies. The idea is as follows – when a user loads a page www.example.com, among other things, it contains components from other sites – for example www.thehackersplanet.com. We are talking about pictures, banners and other elements in the spirit of java scripts. And these components may well persuade the browser to accept cookies with a long lifespan fromwww.thehackersplanet.com. And if there are a lot of such Big Brother banners on various sites on the Internet, then each site with them will recognize your browser. And you can always keep track of where the user went, and what interests him. Of course, it is not the special services that are interested in this, but the advertisers (let us not recall the cases when the FBI introduced their cookies into the computers of Americans). They also need to know what kind of porno the user has and what kind of lubricant he prefers – this is the advertising business.

 

  • LSO (Local Shared Objects, flash cookies) –  Flash-based cookies. The main danger of flash cookies is that they are installed covertly, they cannot be removed by standard browser tools and most users know little about them. You can fight them in Ognelis by installing the BetterPrivacy add- on . After the installation, do not forget to rejoice at the fact that you are in your computer. But protection will be incomplete if you do not prohibit Adobe Flash Player to save the LSO to your hard disk. To do this, go to the Adobe Parameter Manager page on the Adobe website.. On the Global Storage Settings tab, reduce the amount of disk space for storing information to a minimum and prevent third-party flash content from saving data to a computer. By the way, an interesting observation is connected with flash cookies. If you disable the setting of Skype to save the usual http-cookies, then it is on the sly begins to save LSO every time you open the browser in the hope that no one will know.

 

  • Web bug (web beacon, tracking bug, tracking pixel, pixel tag, 1 × 1 gif) – An object embedded in a web page or e-mail, invisible to the user, but allowing to determine whether the user has viewed this page / soap. Initially, web bugs were 1×1 pixels that were uploaded to a page or mail from a third-party site (remember the analogy with third-party cookies?). Today, however, it is not limited to pixels alone – web bugs mean a whole range of various features that allow you to find the user In html pages, web bugs are used most often to collect statistics on attendance (they are implemented by Google Analytics). Things are much more interesting in the e-mail – with the help of web bugs, you can not only determine which IP address opened the message.

 

  • HTTP Referer  – this is what one of the client request headers is called in the HTTP protocol, which allows the server to determine from which page the user navigated to this site. That is, if the transition was made fromwww.example.comtowww.thehackersplanet.com, then Big Brother would understand about the user’s sexual preferences. This problem in Ognelis is solved with the help of RefControl . Unfortunately, this is not all. There are also cross-site requests – here http-referer and web-bugs have much in common. Let me explain with an example – let’s say a user has viewed a blog with an inserted video from YouTube, then he looked at the profiles of friends on MySpace and at the end ordered a book on Amazon. Attention! He never went to the Google site, but Google already knows what video he watched and in which blog, which friends interested him and what books they brought him. Remember that Google is looking for everyone. Is always. The secret is that on all these sites there are different components of Google: the blog has a link to YouTube owned by Google, MySpace has analytics of attendance by Google Analytics, and Google’s advertising campaign Google DoubleClick has been registered. And be sure – all transitions are logged and mapped by the most advanced statistical algorithms to uniquely link the data with you. I mean the surname, name, patronymic. But do not think that Google is such a universal evil. He lives from targeted advertising and wants to know your interests. And not only he – all the search engines do it to the best of their abilities. Just Google does it on a planetary scale, unlike the same Yandex . To block extra requests, there is an add-on RequestPolicy

 

  • Browser Cache  – Browser cache can be used in various ways. The easiest is using the HTTP header ETag. When accessing the page, the server issues an ETag, which the browser uses to cache content. In subsequent requests, he sends this ETag to the server, which thus finds out who came to him. The best part is that even when the page is reloaded, the ETag does not change the values ​​and the server will still recognize you. Treated with NoScript .

In general, NoScript and AdBlock clean up a lot of holes, with the help of which your browser becomes the only and unique on the open spaces of the worldwide network. With NoScript, you can control JavaScript, Java, Silverlight, Flash (which knock like woodpeckers in the spring. Without them, it is impossible to guarantee the protection of the user from multiple attacks like XSS, CSRF and Clickjacking. Well, AdBlock – this is our everything in the fight against banners.

  • TCP    Yes, and TCP too. He will be happy to provide information about your operating system. The fact is that a TCP stack is configured differently in different OSs. A router, as a rule, does not change the packet, but simply passes it on. Characteristics of TCP packets form their digital signature fragment. And to recognize data about your OS, the easiest way is to use the p0futility.

 

  • The digital fingerprint of the browser  is a very interesting technology that allows you to identify the user’s browser without any cookies. Simply using the information sent to the server — HTTP headers, presence / absence of cookies, java, javascript, flash, silverlight, browser plug-ins, etc. This is a kind of final boss building a unique digital signature based on the above elements (and , many others), described in the article How Unique is Your Browser?. Moreover, the above test leads only to Pantoptclick – an open project created to protect users. And he uses a small part of the techniques described in the article, and at the same time – very effective. The real algorithm can be more complicated and much (tens or hundreds of times) more efficient. There is a suspicion that it’s not exactly the advertisers who will use it to smelt their merchandise … At Pantoptclick, really bring the uniqueness of your browser to 1 in 50,000. learn about it, then among other browsers it will stand out like a man in a space suit in the center of a densely populated metropolis. You can try to disguise your build into something fairly typical using User Agent Switcher, but the main thing here is not to change the type of operating system. Remember – TCP reports about it, and if it says that you have Linux, and the disguised User Agent Switcher HTTP headers convince you that Windows, then congratulations – they found you! Most likely, you are the only one on the Internet.

 

  • Search in Google and Yandex – if you look at the html-code of the Google search results page, then you can make sure that all the results found are not just links. Each link to the search results contains an onmousedown method that causes the browser to perform specific actions by clicking on the link. In this case, the transition to the desired page occurs through a redirect to the address of the intermediary. That is, first the browser goes to the Google server, and only after entering there is a transition to the desired page. The transition is quite fast, which is imperceptible on a wide channel. Meanwhile, Google gets statistics with the information that you were looking for and where, as a result, you went. Yandex, and Yahu, and many other search engines do the same. You can counter this by using client-side scripts in the browser that will bring the links into the correct format.Greasemonkey and add to the list of scripts stripping links to Google and Yandex , a similar effect plugin from the creator of AdBlock Plus. Full list of applications on donttrack.us . This is the only way to fight. Even if you set up a Google search so that it does not save the search history, this will lead to nothing.

How to protect against all this?

As you can see, literally everything knocks. How to protect against this whole simple non-programmer? No, all you can do is reduce the risks and hope that you won’t get caught.

First, we must understand that any protection is not absolute and come to terms with it. Secondly, heed the advice in this article. Third, use Tor. Fourth, never, never use panels from Google, Yandex and others. It’s not worth it – it’s a giant hole into which everything is possible, both about the search history and about the computer as a whole. After all, you want to use your computer only you, not marketers, is not it? Fifth, use Firefox (not Chrome!) for anonymity TorBrowser , but try to refrain from IE and Chrome . Sixth, check your browser here . Seventh, instead of the usual GoogleDendix, use non-user-tracking search engines like DuckDuckGo , Startpage or YaCy. And most importantly, remember that the data that is being collected now will never go anywhere.

They will always remain in the cache of Google, Yandex, Wayback Machine and will be processed sooner or later (maybe not forever, but for decades they can). And can you guarantee that in the future (by the way, very close – read about Google’s plans for 2020), the mathematical apparatus will not allow to make a dossier for each Internet user and to install soft but relentless surveillance on everyone? Even now, using an Android-based phone with pre-installed advertising programs (with Google services, Yandex and others like it, of course, “clean” assemblies do not contain such shit), you merge your location and speed of movement (these are trifles, if you remember that all this info is available to the cellular operator always and without third-party software). Apart from absolutely all the information you are looking for from it on the net. And this is just the beginning.

Use Linux distributions whenever possible, Ubuntu and OpenSUSE are convenient for normal users . Naked Ubunt also sometimes knocks , so the best option for a lamer is a derivative from Ubuntu: Xubuntu or Kubuntu. If you use Windows, never install Build Windows, always manually setting a firewall with bans and disable all auto updates. Try to use open source programs even under Windows. Never put questionable unpopular scripts and programs from third-party repositories (for Linux) and sites (for Windows). In particular, do not install hacked ones either, if several thousand people have downloaded them on the tracker and the antivirus is silent, this does not mean that the virus is not there. Do not install programs from software portals and file sharing services, always only from the official site.

Choose a smartphone only on Android, devices with other open firmware are rare today, but you shouldn’t forget about them either. You should choose the one for which there are already third-party open source firmware: CyanogenMod, Paranoid Android, pure Android, MIUI and others. Look only on the official sites of firmware, where the presence of a team of professionals and open when it guarantees at least something. Never put the firmware and programs on Android from sites w3bsit3-dns.com, xda and similar. The popularity of themes and the number of downloads on them does not guarantee anything. Today, under Android, there is no absolutely reliable application store. It may be advisable to pay attention to two of them:

  1. The largest and most rapidly updated (which is very important for closing vulnerabilities) is the Google Play Market , applications are tested for damage there, but Google services and the store itself are being spied.
  2. F-Droid free open source application store is developing very slowly and updating, for example, Firefox may be there a week late (which is already a big hole in the system); Given the complete freebies, a good scan of applications for viruses is questionable. Critical applications through which you can crawl into the system, such as Firefox and other programs for working via the Internet, are best updated from official sites manually.
  3. Official websites of developers posting their builds on certain architectures ( x86 , ARM) by downloading links directly on the site. Nuff said.
  4. W3bsit3-dns.com. Nuff said too.
  • Also – There is an ICANN organization that owns central DNS servers and manages everything on the Internet. ICANN servers receive information from all external IPs and this is the basis of the entire Internet. And who do you think is behind ICANN . Also , the American special services receive this and any information on the first whistle.

Leave a Reply