Archive for the 'Security' Category

Facebook Does It Again, Silently Sending GPS Coordinates with Every Message


Yes, they’ve done it again.

The most recent update of the Facebook mobile application (Android and iPhone) reverses and resets the default settings for “Location Services”, so that every single Facebook message you send also sends your exact GPS coordinates to the recipient (and to Facebook’s own messaging servers), even if you have your GPS disabled on your phone. When the GPS is disabled, they fall back to AGPS to determine your coordinates with incredible accuracy.

Yes, even if you’ve had it disabled before, a recent update of the mobile app resets these preferences to expose your location when you’re using their Messenger app to send or receive messages through the app.

This is so specific, it actually revealed that I was in my kitchen (in the rear of my house), and not just my approximate street address on my road. Zooming into the map they helpfully provide shows where inside my house my phone was when I sent the test messages that revealed this issue.

To prevent your phone from exposing your location with every message, go into your Facebook mobile application settings, and disable “Messenger Location Services”, as below. When you disable it here, your messages will just show “Sent from Messenger” or “Sent from Web” inside the app, instead of showing a map and GPS coordinates.

[Images: “Facebook Mobile Messaging Privacy” and “Facebook Mobile Messaging Privacy GPS Maps”]

They may still be sending GPS coordinates with each message to their messaging servers, and simply not exposing them to the recipients when you disable this feature; there’s no confirmed way to tell.

I don’t use the native Facebook mobile app to send or receive messages, opting instead to use Trillian Mobile for Android, which does not pass the GPS coordinates with each message. In addition, I can use all of my IM and chat services at once, in one interface, including Facebook, seamlessly. They have desktop apps and a web interface also, for those who wish to use those natively on any platform. Highly recommended.

Facebook, I’m not impressed with your complete lack of understanding of core security and privacy issues. This is 2013, and no application should be sending GPS coordinates to message or email recipients. Imagine what would happen if a random, unknown person were to message me, and I replied back to them. I’ve now exposed my personal location, which could include my home address, to a level of accuracy that includes where inside my home I am when I’ve responded.

In a word: Disgusting.

AT&T Locks Horns with Hurricane Sandy and my data-only MiFi


We were hit pretty hard by Hurricane Sandy out here in New London, CT. Lots of property was damaged, with wiped-out boats tossed onto shore and crashed into other property.

We also lost power, thousands of homes without power for days, as trees came crashing through wires, telephone poles were pulled to the ground by falling branches and lots of other damage knocked out power transformers and substations.

Where I live, we lost power for 7 days, and that power loss means no Internet, no micro-cell, no DSL. Darkness.

I use a Novatel 2372 MiFi device when I’m on the road to get onto the live Internet, over 3G speeds. This is the only way I could get Internet access when the power went out. Unfortunately, this device also only has 1-3 hours of battery life, depending on how much I’m pulling across it. To keep it charged, I had to plug it into the inverter in my truck, and hope that it would stay online long enough to get through my work day.

Since I don’t do “streaming” or “downloads” across this device, I never came close to hitting any data usage limitations. My data plan on this specific device (data-only SIM provisioning) was “Unlimited” from AT&T. I’ve been using this since ~2008 as an “Unlimited” data device.

5 days into my use of the MiFi as my only Internet gateway, I received an email from AT&T stating:

As a valued customer, we are sending you this email to assist you in avoiding possible service interruption and minimizing your bill. Our systems have detected that you are using a substantial amount of data.

Your May 2012 bill contained a notice that your DataConnect plan has expired and that you will be billed $10/GB for any usage that exceeds 5GB in any billing period.

If you use 5GB in a billing period, we will temporarily suspend your service. This is to give you an opportunity to contact us to discuss your options, including changing your plan to one that is $50 per month plus $10/GB for any usage that exceeds 5 GB. You also have the option to terminate service without penalty.

To avoid a possible suspension of service, please contact us now at 800-331-0500 or 611 from your wireless phone, so that we may assist you in selecting a plan which meets your needs.

I called them to inquire why I received this email, obviously an error on their part, since my plan was “Unlimited”.

The woman I spoke with on the phone claimed that these “Unlimited” plans had been phased out in 2008; 4+ years ago, and I should have received an automated email in 2010 alerting me to this fact. Since I’d never reached the 3.5GB “soft cap” before, I never received the warning email.

While on the phone, I asked her if she could make sure my plan was truly “Unlimited” and remove any blocks, email alerts or other things preventing me from using the device as originally purchased and intended.

She proceeded to tell me that AT&T no longer offers any unlimited plans, and that my only option is to “bump up” to a 5GB (5 gigabyte/month) plan. I’m already paying $59/month for the (pseudo)-Unlimited plan I thought I already had.

It turns out that when you reach the 5GB limit, email-alerted or otherwise, your service is suspended, but AT&T will continue to bill you at the full rate even though you are unable to use the service any longer. You cannot “un-suspend” your service, you can only stop using the current plan, and subscribe to a new/different plan. This is to “encourage” you to call them and subscribe to one of their other plans, the only plan available; the 5GB/month plan.

There are no 10GB plans, no 20GB plans, no Unlimited plans. You get 5GB/month, and every 1GB over that capacity, you pay $10/GB for that.

Then I asked her if I could simply terminate the “data only” SIM account, and add the “Tethering” package to one of my BlackBerry phones (I have two activated, both with truly “Unlimited” data), and avoid the need for a dedicated SIM/device for data. She said “No, we cannot do that, because Tethering isn’t permitted on Unlimited data plans.” AT&T closed this hole about a year ago, when you could use tethering, for no charge.

So I had her “fix” the problem, by subscribing to the proper 2012 “data only” 5GB/month plan, terminating my older plan, which would have locked me out, should I have reached that 5GB/month limit, intentionally or otherwise.

The operator helpfully re-provisioned my MiFi device with the correct “data” plan, and said I should see no other issues with the service or plans, other than the charge was now $10/month cheaper than my original plan from 2008.

What frustrates me, is that they never said they were cutting off the older plans, nor was there any warning or grace period before you’re shut off, and shut off for good.

Good going, AT&T. I was just trying to use the hardware I have, under the terms I’ve been paying for since 2008, so I can get my day-job work done.

The other oddity, is that my data-only MiFi device is subject to the E-911 Surcharge, even though the device can’t possibly allow me to dial 9-1-1 from it, in the case of an emergency. In fact, even if I were to pop the SIM out and put it into a phone, I still cannot dial 9-1-1. So why the charge? I asked, and received this as a response:

“The Federal Government passes this charge onto us, so we in-turn pass it directly onto you.”

Yes, that’s right, I pay monthly, for the “right” to dial 9-1-1 from a device that literally cannot dial 9-1-1 at all, ever. Neat!

Sprint and Verizon’s data plans and options are sure looking attractive these days, when weighed against the heavy hand of AT&T.

tl;dr: AT&T silently caps, then retires my “Unlimited” MiFi data plan 4 years ago, replaces it with a 5GB plan with no other alternative choices; 5GB or no GB.

HOWTO: Block “SongPop” game updates and events on Facebook


I’m a big fan of keeping my Facebook feed, news and wall clean and filtered, no junk and no noise that I don’t need or want to read.

On Google Chrome, I use the “Social Fixer” extension to block ads, drop columns and other unnecessary items from the pages, but this doesn’t work on Firefox Nightly builds because of a JavaScript sandbox change that the Social Fixer author hasn’t been able to find and fix yet.

But “Social Fixer” can only block some of the noise that Facebook renders, not all of it. Firefox is my preferred browser, so I needed to find a better solution here. Even SongPop’s own Support Page misunderstands the need of hundreds (nigh, thousands?) of Facebook users.

Most recently, some of my friends have been playing a game called “Song Pop” on Facebook, and their status updates fill up my news feed on the right side. Last year it was Farmville, and this year it’s SongPop.

Here’s how to stop the noise from taking over your Facebook feed.

  1. First, search for “SongPop”, no spaces, in the Facebook search box at the top. Make sure you pick the Game page, not the App page. If you search for “Song Pop” with the space, you’ll get the wrong page.
    [Image: Search for SongPop on Facebook]
  2. Now you should see the SongPop page, which looks like this:
    [Image: Facebook SongPop page]
  3. Down on the lower-right side of that page is a link labeled “Block”, which looks like this:
    [Image: Facebook block SongPop link]
  4. Click that link, and you’ll get a popup to confirm your choice:
    [Image: Facebook block SongPop confirm]
  5. Click “Confirm” on that popup, and you’ll see the following success dialog:
    [Image: Facebook block SongPop successful]
  6. Now to confirm this, go to your “Privacy Settings” in the upper-right corner, scroll down to “Blocked People and Apps” and click “Manage Blocking”. Scroll down again to the bottom and you’ll see:
    [Image: Facebook BlockApps SongPop]

That’s it. Now if you go back and reload your Facebook Feed, you’ll see that the SongPop posts that were there moments ago, are now gone, stripped from your feed. If you want them back, just go back into the “Blocked People and Apps” and click the “Unblock” link shown in the image above.

Good luck!

Fighting Crime from the Sofa

Look Ma, no privacy! It looks like the public is slowly being groomed to accept more and more invasion of their privacy at an even greater scale than before. London is piloting a program that will allow their public to sit at home, watching television, to tune into the more than 400 closed circuit cameras around town, 24×7, to watch their citizens for crime.

What does this REALLY do?

Well, for one, it makes it easier to anonymously report your neighbors for their crimes (remember ThoughtCrime?), and it also makes it MUCH easier for predators, pedophiles and other miscreants to zoom in on their prey, watch their habits, monitor their behaviors, and stalk them.

Nice.

Combine this with Apple’s All-Seeing Monitor, and you have a full 360° solution to watching the people, and watching the watchers. Record all of this data (storage is cheap these days), and begin putting together profiles of everyone’s behaviors, by keeping them in their homes during great television shows, keep them outside during work hours, and so on.

Hey, this could all be a great experiment on how to control the human conscious, by filling it with all kinds of subconscious bombardment. At the same time, we slowly erode their civil liberties, burn the Constitution off in the corner, and begin to turn our world into a complete totalitarian state.

Here’s a note to the current administration thinking this is somehow a good idea:

George Orwell’s book 1984 was meant to be a warning, not a script! – David A. Desrosiers, 2005

This reminds me of David Brin’s “Transparent Society” (on amazon here), a non-fiction work wherein he forecasts the erosion of privacy, as it is overtaken by low-cost surveillance, communication and database technology.

Brin argues that true privacy will be lost in the “transparent society”; however, we have the choice between one that offers the illusion of privacy by restricting the power of surveillance to authorities, or one that destroys that illusion by offering everyone access (including the ability to watch the watchers).

There’s another great article in the Arizona Republic online edition, that describes all of the various ways in which our privacy is being eroded every day. Here are some of those examples:

  • Cameras eye you while you drive, bank, shop, eat and sometimes even when you stray into your neighbor’s yard.
  • Your boss could be monitoring your computer-usage habits, maybe reading your private e-mails. Even the bathroom may not be safe from snoopers.
  • Stores keep track of your shopping habits, sometimes sharing the fact that you prefer Crest over Colgate with marketers.
  • Applying for a mortgage lays open the full details of your financial, employment and residential history.

This quote really stands out in this piece:

“Former Phoenix Police Chief Harold Hurtt, who now heads the Houston Police Department, suggested recently that crime-fighting in Houston could be enhanced with surveillance cameras in apartment complexes, on downtown streets and in private homes.”

“I know a lot of people are concerned about ‘Big Brother,’ ” Hurtt told reporters at a briefing in Houston, “but my response to that is if you are not doing anything wrong, why should you worry about it?”

Perhaps Harold, because it violates the Constitution? Read your 4th Amendment recently? Just because you think you CAN stick cameras in every corner, doesn’t mean you’re legally allowed to.

And for that matter, why not just stick my own cameras on my own house, pointed in every corner of the street, driveway, street corners, and put those videos online for others to see? It’s all public information, right?

These people seriously need a wake-up call.
