Jan 8
Becoming Virtually Untraceable — 14_3ND_G4M3.exe
*Note: This article was originally published by the author on July 24, 2020. This article is also available in Spanish here.
“For years I’ve wanted to live according to everyone else’s morals. I’ve forced myself to live like everyone else, to look like everyone else. I said what was necessary to join together, even when I felt separate. And after all of this, catastrophe came. Now I wander amid the debris, I am lawless, torn to pieces, alone and accepting to be so, resigned to my singularity and to my infirmities. And I must rebuild a truth–after having lived all my life in a sort of lie.”
― Albert Camus, Notebooks 1951–1959
Feel free to check out the entire series at the article links at the bottom. This article is best appreciated while listening to the following album by the band Tool: https://youtu.be/hxsld16TjSU. Enjoy!
In installment 14, we look at the latest privacy legislation from Senator Ron Wyden which will surely be voted down if it even makes it to a vote due to greedy corporate lobbyists and corrupt politicians getting kickbacks from the corporations. Additionally, we’ll take a look at how license plate readers are being used to reduce crime and the impact it has on your privacy. Finally, I’ll wrap things up with an explanation of how limiting what personal information you post online can protect your bank account.
Obligatory Privacy Rant
What’s your end game? Do you even have one or do you wander aimlessly from day to day through life as so many others appear to? Do you live according to your own morals in pursuit of your own goals or are you living out someone else’s fantasy, expectations, and dreams they might have envisioned at one time for you? These are important questions to ask yourself not only for your own self-worth and understanding but also because the answers will impact whether or not you respect privacy enough to live a private life.
My end game, if you will, is to live a fulfilling private life bereft of fame or wealth, in the pursuit of knowledge while also improving online privacy and computer security in whatever small measure I can. That is something I am passionate about which I know will stay with me until my dying breath on this Earth. It is my end game, my legacy. I believe in every human’s right to be forgotten. I believe in hardening and securing information systems by using various other technologies to aid in the process. If the technology is too risky because it is full of vulnerabilities or has been shown time and again to be a spy instrument, I don’t use it. Plain and simple. It’s easy. People make privacy harder than it needs to be.
The “Mind Your Own Business Act”
Senator Ron Wyden, D-Ore., introduced a new bill called the “Mind Your Own Business Act” which would impose legal punishments for corporate executives who abuse consumer data privacy. Much like the California Consumer Privacy Act (CCPA), the Senator wants to give consumers the ability to control their own private information, increase corporate transparency in how private data is handled, and make corporate executives accountable when they deceive consumers about how consumer personal information is used (Robinson, 2019).
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences. A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government,” Wyden said.
It is unlikely, however, that any privacy law will significantly change how our personal data is handled unless there is some sort of government enforcement agency such as the Federal Trade Commission (FTC) to police corporations and impose penalties. Otherwise, it’s all just smoke and hype! We want privacy, but the cost to society, commerce, and government must be balanced in a manageable and affordable way or it will simply fail.
Security vs. Privacy: License Plate Reader edition
In case you didn’t know, automatic license plate reader (ALPR) technology has exploded onto the technology scene in recent years and poses major threats to privacy. This is shaping up to be a battle between security and privacy which traditionally has favored security in recent historical cases. Law Enforcement (LE) agencies including Immigration and Customs Enforcement (ICE) have contracted ALPR technology services through various companies such as Flock Safety as well as surveillance camera company Ring (recently acquired by Amazon) to gain valuable access to license plate tracking data that provides LE authorities with information on which vehicles are driving where. When this information is aggregated with other information that they already had access to like the Department of Motor Vehicles (DMV), they are able to quickly determine that citizen or non-citizen “X” is traveling along a certain route or is at a particular residence or shopping center.
ALPR tech is a definite game-changer for LE authorities and communities because it makes it much easier to apprehend criminals in the act of committing crimes. I think most people would agree that ALPR tech would be great if that were its only application of the technology. However, what happens when it is used for other types of intelligence collection. These are commercial companies that have developed and implemented this technology that involves computer algorithms that are tied to surveillance cameras located geographically around a given region. You may ask, “Under what authority do these commercial companies operate? Who gave them the authority to do this?” The cities and states have given their respective Departments of Transportation (DOT) the right to install surveillance cameras on roadways, highways, overpasses, bridges, street lights, etc. State and Federal LE agencies are also given the authority to use this technology under the guise of community policing and criminal investigation.
“Cops have used license plate readers for at least a decade, but the ones made by Flock Safety are arguably more powerful. They automatically catalog a vehicle’s model, color, make, and any distinguishing marks, as well as the date and time they passed through the neighborhood. The cameras ping law enforcement the minute a known stolen vehicle crosses their path, a feature VanHoozer says has been particularly useful in Cobb County. The Flock LPRs are even capable of detecting people walking by, and whether they have a dog in tow” (Matsakis, 2019).
The same thing is happening across the country with facial recognition system technology that is tied to surveillance cameras. Some cities have already banned facial recognition systems (FRS) out of alarmist concerns. Is the U.S. following in the footsteps of China with its mass-surveillance society that assigns each citizen a social credit score? It would certainly seem as though we are headed down that path. Citizens need to weigh the privacy impact of having cameras everywhere and how that footage is being used to spy on them. For instance, I am all for lower crime rates and I believe FRS and ALPR tech can help immensely with that. However, where I draw the line is when I want to call into work sick one day and take my children to Disneyland. Will my employer be able to tap into the ALPR and FRS tech to know whether I am at home or not? Will it be used by school districts to verify that parents are taking their kids to a “Doctor Appointment” instead of to Disneyland? If we cross that delicate balance of privacy, then we’ve lost everything that is freedom.
Featured Privacy Tactics, Techniques, & Procedures
This TTP is not privacy-focused, but for those of you who are technologists, CollapseOS is a nifty little Operating System (OS) that was created to be able to work with minimal computer hardware requirements in case the entire global supply chain well, collapses! It only requires an 8-bit Z80 processor chip to function. This is cyber-resiliency at its finest because should a nuclear holocaust event ever befall this planet, those who are left picking up the pieces of civilization will have to make do with whatever is on hand. Entire regions of the planet may be uninhabitable, that is if human life is able to survive at all. Guess what though, if that digital memory that the CollapseOS and any other important files you might have are not saved to CD/DVDs or an external storage device (HDD, SSD, USB storage, etc.) that is protected from Electro-Magnetic Pulses (EMP), then it will all be for nothing. All electronics within the range of an EMP will be utterly useless afterward. Read here for more information.
This is where those engineering geeks will come in extremely handy. Making things work is a hell of a skill to have. Here is one example of someone who is definitely thinking ahead. There is a saying we used to have in the Marines that said, “Prepare for the worst. Hope for the best.” You have to prepare for the worst to not only be prepared to respond to it, obviously. However, it also allows you to truly appreciate life in better circumstances.
Low-Tech Security: Evasion and Anonymity Tip
Sometimes we forget in our lives, as we become caught up in the daily chaos of modern life, that we always retain the option of saying nothing, of choosing to not volunteer personal information to others whether in person or online. Sometimes we forget that silence is wiser than speech in some situations. Until you find yourself in an entirely preventable situation where your personal information was used against you to act fraudulently in your name, you may disregard the value of maintaining a low profile online.
Sim-Jacking Relies on Criminals Collecting Your Information
If you own a cell phone, then you’re vulnerable to a particular type of cybercrime known as ‘SIM-jacking’ that involves cybercriminals calling your phone provider (e.g., Verizon, AT&T, Sprint) and claiming to be you with a little bit of Open-Source Intelligence (OSINT) collection of your personal details you may have left online in a social media post or something and then using those against your phone provider in a form of social engineering or pretexting attack to trick the phone provider company into switching your cell phone profile to a new SIM card. It doesn’t take any technical skill to pull this type of crime off either.
If successful, the perpetrators can defeat the common Two-Factor Authentication (2FA) SMS text messages required by many banking Apps and other websites that consist of something you know (i.e., PIN or password) and something you have (mobile device) by using the newly associated SIM card tied to your phone to conduct a Man-in-the-Middle (MITM) attack.
The cybercriminals will receive the 2FA text messages or authentication “push” with verification codes and can then use them to potentially gain access to any online accounts you have connected to your cell phone. For anyone who has an online banking app on their phone, this could be devastating and it’s yet another reason why giving away personal information online is dangerous! People have had their entire bank accounts wiped out in minutes. This is not something to take lightly. Less information posted online is more.
Security keys a.k.a. Yubikeys are a low-tech security device that physically stores your decryption key to authenticate into your account. Google offers this service as do other companies. It is advisable to use a security key over SMS text 2FA, but here again, there are risks either way. If you lose your security key or it is somehow destroyed when you fall over the side of a boat into the ocean or it gets crushed under your skateboard wheel, you won’t be able to access your accounts it is tied to without some serious amount of customer support and even then it is highly improbable.
Use fake names, fake addresses, and a throwaway email you don’t care about specifically to sign up for website accounts with. Gmail, Yahoo, ProtonMail, and many other Email provider accounts are free, so why not? If you’re using a password manager, as you should be, then it’s not as if you have to remember another Email account login password anyway. It’s best to only give your primary email address out to those you know and trust. It’s a good way to cut back on spam emails as well.
Privacy is fleeting in this world. It’s not a birthright in most places, not one bit. Privacy is something we as citizens have to demand from our governments or else it inevitably gets trampled on the same way freedom is eroded over time, little by little, when a country elects a wannabe dictator or each time a new law is passed that chips away at the underlying Constitutional framework. As the old saying goes friends, “You either stand for something or fall for anything.” I believe online privacy is something worth taking a stand for, do you? Until next time.
***Trust No One. Verify Everything. Leave No Trace.***
Additional Privacy Resources
z3r0trust Privacy Newsletters: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, #4–20, #5–20, #6–20, #32–20, #33–20, #8–20, #9–20, 16, 17, 45–20, 46–20, 47–20, 48–20, #1–21, #2–21, #3–21, #6–21
*Privacy-related articles also published by the author can be found here.
Other helpful privacy info: EFFector | Atlas of Surveillance | Privacy Tools | IAPP | ACLU | PogoWasRight.org | DataBreaches.net
