#stalkerware
Text
OUT NOW: my most in depth investigation yet
in this article we see just HOW little a company handling highly sensitive data can care about security and yes it's even worse than you think
content warning: mentions of abuse/controlling behaviour
support me on ko-fi if you like my work and want to read (non-hacking) articles early!
#FuckStalkerware#maia arson crimew#stalkerware#security#infosec#data breach#investigative journalism
8K notes
·
View notes
Text
Forcing your computer to rat you out
Powerful people imprisoned by the cluelessness of their own isolation, locked up with their own motivated reasoning: “It’s impossible to get a CEO to understand something when his quarterly earnings call depends on him not understanding it.”
Take Mark Zuckerberg. Zuckerberg insists that anyone who wanted to use a pseudonym online is “two-faced,” engaged in dishonest social behavior. The Zuckerberg Doctrine claims that forcing people to use their own names is a way to ensure civility. This is an idea so radioactively wrong, it can be spotted from orbit.
From the very beginning, social scientists (both inside and outside Facebook) told Zuckerberg that he was wrong. People have lots of reasons to hide their identities online, both good and bad, but a Real Names Policy affects different people differently:
https://memex.craphound.com/2018/01/22/social-scientists-have-warned-zuck-all-along-that-the-facebook-theory-of-interaction-would-make-people-angry-and-miserable/
For marginalized and at-risk people, there are plenty of reasons to want to have more than one online identity — say, because you are a #MeToo whistleblower hoping that Harvey Weinstein won’t sic his ex-Mossad mercenaries on you:
https://www.newyorker.com/news/news-desk/harvey-weinsteins-army-of-spies
Or maybe you’re a Rohingya Muslim hoping to avoid the genocidal attentions of the troll army that used Facebook to organize — under their real, legal names — to rape and murder you and everyone you love:
https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/
But even if no one is looking to destroy your life or kill you and your family, there are plenty of good reasons to present different facets of your identity to different people. No one talks to their lover, their boss and their toddler in exactly the same way, or reveals the same facts about their lives to those people. Maintaining different facets to your identity is normal and healthy — and the opposite, presenting the same face to everyone in your life, is a wildly terrible way to live.
None of this is controversial among social scientists, nor is it hard to grasp. But Zuckerberg stubbornly stuck to this anonymity-breeds-incivility doctrine, even as dictators used the fact that Facebook forced dissidents to use their real names to retain power through the threat (and reality) of arrest and torture:
https://pluralistic.net/2023/01/25/nationalize-moderna/#hun-sen
Why did Zuck cling to this dangerous and obvious fallacy? Because the more he could collapse your identity into one unitary whole, the better he could target you with ads. Truly, it is impossible to get a billionaire to understand something when his mega-yacht depends on his not understanding it.
This motivated reasoning ripples through all of Silicon Valley’s top brass, producing what Anil Dash calls “VC QAnon,” the collection of conspiratorial, debunked and absurd beliefs embraced by powerful people who hold the digital lives of billions of us in their quivering grasp:
https://www.anildash.com/2023/07/07/vc-qanon/
These fallacy-ridden autocrats like to disguise their demands as observations, as though wanting something to be true was the same as making it true. Think of when Eric Schmidt — then the CEO of Google — dismissed online privacy concerns, stating “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”:
https://www.eff.org/deeplinks/2009/12/google-ceo-eric-schmidt-dismisses-privacy
Schmidt was echoing the sentiments of his old co-conspirator, Sun Microsystems CEO Scott McNealy: “You have zero privacy anyway. Get over it”:
https://www.wired.com/1999/01/sun-on-privacy-get-over-it/
Both men knew better. Schmidt, in particular, is very jealous of his own privacy. When Cnet reporters used Google to uncover and publish public (but intimate and personal) facts about Schmidt, Schmidt ordered Google PR to ignore all future requests for comment from Cnet reporters:
https://www.cnet.com/tech/tech-industry/how-cnet-got-banned-by-google/
(Like everything else he does, Elon Musk’s policy of responding to media questions about Twitter with a poop emoji is just him copying things other people thought up, making them worse, and taking credit for them:)
https://www.theverge.com/23815634/tesla-elon-musk-origin-founder-twitter-land-of-the-giants
Schmidt’s actions do not reflect an attitude of “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Rather, they are the normal response that we all have to getting doxed.
When Schmidt and McNealy and Zuck tell us that we don’t have privacy, or we don’t want privacy, or that privacy is bad for us, they’re disguising a demand as an observation. “Privacy is dead” actually means, “When privacy is dead, I will be richer than you can imagine, so stop trying to save it, goddamnit.”
We are all prone to believing our own bullshit, but when a tech baron gets high on his own supply, his mental contortions have broad implications for all of us. A couple years after Schmidt’s anti-privacy manifesto, Google launched Google Plus, a social network where everyone was required to use their “real name.”
This decision — justified as a means of ensuring civility and a transparent ruse to improve ad targeting — kicked off the Nym Wars:
https://epeus.blogspot.com/2011/08/google-plus-must-stop-this-identity.html
One of the best documents to come out of that ugly conflict is “Falsehoods Programmers Believe About Names,” a profound and surprising enumeration of all the ways that the experiences of tech bros in Silicon Valley are the real edge-cases, unreflective of the reality of billions of their users:
https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/
This, in turn, spawned a whole genre of programmer-fallacy catalogs, falsehoods programmers believe about time, currency, birthdays, timezones, email addresses, national borders, nations, biometrics, gender, language, alphabets, phone numbers, addresses, systems of measurement, and, of course, families:
https://github.com/kdeldycke/awesome-falsehood
But humility is in short supply in tech. It’s impossible to get a programmer to understand something when their boss requires them not to understand it. A programmer will happily insist that ordering you to remove your “mask” is for your own good — and not even notice that they’re taking your skin off with it.
There are so many ways that tech executives could improve their profits if only we would abandon our stubborn attachment to being so goddamned complicated. Think of Netflix and its anti-passsword-sharing holy war, which is really a demand that we redefine “family” to be legible and profitable for Netflix:
https://pluralistic.net/2023/02/02/nonbinary-families/#red-envelopes
But despite the entreaties of tech companies to collapse our identities, our families, and our online lives into streamlined, computably hard-edged shapes that fit neatly into their database structures, we continue to live fuzzy, complicated lives that only glancingly resemble those of the executives seeking to shape them.
Now, the rich, powerful people making these demands don’t plan on being constrained by them. They are conservatives, in the tradition of #FrankWilhoit, believers in a system of “in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect”:
https://crookedtimber.org/2018/03/21/liberals-against-progressives/#comment-729288
As with Schmidt’s desire to spy on you from asshole to appetite for his own personal gain, and his violent aversion to having his own personal life made public, the tech millionaires and billionaires who made their fortune from the flexibility of general purpose computers would like to end that flexibility. They insist that the time for general purpose computers has passed, and that today, “consumers” crave the simplicity of appliances:
https://memex.craphound.com/2012/01/10/lockdown-the-coming-war-on-general-purpose-computing/
It is in the War On General Purpose Computing that we find the cheapest and flimsiest rhetoric. Companies like Apple — and their apologists — insist that no one wants to use third-party app stores, or seek out independent repair depots — and then spend millions to make sure that it’s illegal to jailbreak your phone or get it fixed outside of their own official channel:
https://doctorow.medium.com/apples-cement-overshoes-329856288d13
The cognitive dissonance of “no one wants this,” and “we must make it illegal to get this” is powerful, but the motivated reasoning is more powerful still. It is impossible to get Tim Cook to understand something when his $49 million paycheck depends on him not understanding it.
The War on General Purpose Computing has been underway for decades. Computers, like the people who use them, stubbornly insist on being reality-based, and the reality of computers is that they are general purpose. Every computer is a Turing complete, universal Von Neumann machine, which means that it can run every valid program. There is no way to get a computer to be almost Turing Complete, only capable of running programs that don’t upset your shareholders’ fragile emotional state.
There is no such thing as a printer that will only run the “reject third-party ink” program. There is no such thing as a phone that will only run the “reject third-party apps” program. There are only laws, like the Section 1201 of the Digital Millennium Copyright Act, that make writing and distributing those programs a felony punishable by a five-year prison sentence and a $500,000 fine (for a first offense).
That is to say, the War On General Purpose Computing is only incidentally a technical fight: it is primarily a legal fight. When Apple says, “You can’t install a third party app store on your phone,” what they means is, “it’s illegal to install that third party app store.” It’s not a technical countermeasure that stands between you and technological self-determination, it’s a legal doctrine we can call “felony contempt of business model”:
https://locusmag.com/2020/09/cory-doctorow-ip/
But the mighty US government will not step in to protect a company’s business model unless it at least gestures towards the technical. To invoke DMCA 1201, a company must first add the thinnest skin of digital rights management to their product. Since 1201 makes removing DRM illegal, a company can use this molecule-thick scrim of DRM to felonize any activity that the DRM prevents.
More than 20 years ago, technologists started to tinker with ways to combine the legal and technical to tame the wild general purpose computer. Starting with Microsoft’s Palladium project, they theorized a new “Secure Computing” model for allowing companies to reach into your computer long after you had paid for it and brought it home, in order to discipline you for using it in ways that undermined its shareholders’ interest.
Secure Computing began with the idea of shipping every computer with two CPUs. The first one was the normal CPU, the one you interacted with when you booted it up, loaded your OS, and ran programs. The second CPU would be a Trusted Platform Module, a brute-simple system-on-a-chip designed to be off-limits to modification, even by its owner (that is, you).
The TPM would ship with a limited suite of simple programs it could run, each thoroughly audited for bugs, as well as secret cryptographic signing keys that you were not permitted to extract. The original plan called for some truly exotic physical security measures for that TPM, like an acid-filled cavity that would melt the chip if you tried to decap it or run it through an electron-tunneling microscope:
https://pluralistic.net/2020/12/05/trusting-trust/#thompsons-devil
This second computer represented a crack in the otherwise perfectly smooth wall of a computer’s general purposeness; and Trusted Computing proposed to hammer a piton into that crack and use it to anchor a whole superstructure that could observe — and limited — the activity of your computer.
This would start with observation: the TPM would observe every step of your computer’s boot sequence, creating cryptographic hashes of each block of code as it loaded and executed. Each stage of the boot-up could be compared to “known good” versions of those programs. If your computer did something unexpected, the TPM could halt it in its tracks, blocking the boot cycle.
What kind of unexpected things do computers do during their boot cycle? Well, if your computer is infected with malware, it might load poisoned versions of its operating system. Once your OS is poisoned, it’s very hard to detect its malicious conduct, since normal antivirus programs rely on the OS to faithfully report what your computer is doing. When the AV program asks the OS to tell it which programs are running, or which files are on the drive, it has no choice but to trust the OS’s response. When the OS is compromised, it can feed a stream of lies to users’ programs, assuring these apps that everything is fine.
That’s a very beneficial use for a TPM, but there’s a sinister flipside: the TPM can also watch your boot sequence to make sure that there aren’t beneficial modifications present in your operating system. If you modify your OS to let you do things the manufacturer wants to prevent — like loading apps from a third-party app-store — the TPM can spot this and block it.
Now, these beneficial and sinister uses can be teased apart. When the Palladium team first presented its research, my colleague Seth Schoen proposed an “owner override”: a modification of Trusted Computing that would let the computer’s owner override the TPM:
https://web.archive.org/web/20021004125515/http://vitanuova.loyalty.org/2002-07-05.html
This override would introduce its own risks, of course. A user who was tricked into overriding the TPM might expose themselves to malicious software, which could harm that user, as well as attacking other computers on the user’s network and the other users whose data were on the compromised computer’s drive.
But an override would also provide serious benefits: it would rule out the monopolistic abuse of a TPM to force users to run malicious code that the manufacturer insisted on — code that prevented the user from doing things that benefited the user, even if it harmed the manufacturer’s shareholders. For example, with owner override, Microsoft couldn’t force you to use its official MS Office programs rather than third-party compatible programs like Apple’s iWork or Google Docs or LibreOffice.
Owner override also completely changed the calculus for another, even more dangerous part of Trusted Computing: remote attestation.
Remote Attestation is a way for third parties to request a reliable, cryptographically secured assurances about which operating system and programs your computer is running. In Remote Attestation, the TPM in your computer observes every stage of your computer’s boot, gathers information about all the programs you’re running, and cryptographically signs them, using the signing keys the manufacturer installed during fabrication.
You can send this “attestation” to other people on the internet. If they trust that your computer’s TPM is truly secure, then they know that you have sent them a true picture of your computer’s working (the actual protocol is a little more complicated and involves the remote party sending you a random number to cryptographically hash with the attestation, to prevent out-of-date attestations).
Now, this is also potentially beneficial. If you want to make sure that your technologically unsophisticated friend is running an uncompromised computer before you transmit sensitive data to it, you can ask them for an attestation that will tell you whether they’ve been infected with malware.
But it’s also potentially very sinister. Your government can require all the computers in its borders to send a daily attestation to confirm that you’re still running the mandatory spyware. Your abusive spouse — or abusive boss — can do the same for their own disciplinary technologies. Such a tool could prevent you from connecting to a service using a VPN, and make it impossible to use Tor Browser to protect your privacy when interacting with someone who wishes you harm.
The thing is, it’s completely normal and good for computers to lie to other computers on behalf of their owners. Like, if your IoT ebike’s manufacturer goes out of business and all their bikes get bricked because they can no longer talk to their servers, you can run an app that tricks the bike into thinking that it’s still talking to the mothership:
https://nltimes.nl/2023/07/15/alternative-app-can-unlock-vanmoof-bikes-popular-amid-bankruptcy-fears
Or if you’re connecting to a webserver that tries to track you by fingerprinting you based on your computer’s RAM, screen size, fonts, etc, you can order your browser to send random data about this stuff:
https://jshelter.org/fingerprinting/
Or if you’re connecting to a site that wants to track you and nonconsensually cram ads into your eyeballs, you can run an adblocker that doesn’t show you the ads, but tells the site that it did:
https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah
Owner override leaves some of the beneficial uses of remote attestation intact. If you’re asking a friend to remotely confirm that your computer is secure, you’re not going to use an override to send them bad data about about your computer’s configuration.
And owner override also sweeps all of the malicious uses of remote attestation off the board. With owner override, you can tell any lie about your computer to a webserver, a site, your boss, your abusive spouse, or your government, and they can’t spot the lie.
But owner override also eliminates some beneficial uses of remote attestation. For example, owner override rules out remote attestation as a way for strangers to play multiplayer video games while confirming that none of them are using cheat programs (like aimhack). It also means that you can’t use remote attestation to verify the configuration of a cloud server you’re renting in order to assure yourself that it’s not stealing your data or serving malware to your users.
This is a tradeoff, and it’s a tradeoff that’s similar to lots of other tradeoffs we make online, between the freedom to do something good and the freedom to do something bad. Participating anonymously, contributing to free software, distributing penetration testing tools, or providing a speech platform that’s open to the public all represent the same tradeoff.
We have lots of experience with making the tradeoff in favor of restrictions rather than freedom: powerful bad actors are happy to attach their names to their cruel speech and incitement to violence. Their victims are silenced for fear of that retaliation.
When we tell security researchers they can’t disclose defects in software without the manufacturer’s permission, the manufacturers use this as a club to silence their critics, not as a way to ensure orderly updates.
When we let corporations decide who is allowed to speak, they act with a mixture of carelessness and self-interest, becoming off-the-books deputies of authoritarian regimes and corrupt, powerful elites.
Alas, we made the wrong tradeoff with Trusted Computing. For the past twenty years, Trusted Computing has been creeping into our devices, albeit in somewhat denatured form. The original vision of acid-filled secondary processors has been replaced with less exotic (and expensive) alternatives, like “secure enclaves.” With a secure enclave, the manufacturer saves on the expense of installing a whole second computer, and instead, they draw a notional rectangle around a region of your computer’s main chip and try really hard to make sure that it can only perform a very constrained set of tasks.
This gives us the worst of all worlds. When secure enclaves are compromised, we not only lose the benefit of cryptographic certainty, knowing for sure that our computers are only booting up trusted, unalterted versions of the OS, but those compromised enclaves run malicious software that is essentially impossible to detect or remove:
https://pluralistic.net/2022/07/28/descartes-was-an-optimist/#uh-oh
But while Trusted Computing has wormed its way into boot-restrictions — preventing you from jailbreaking your computer so it will run the OS and apps of your choosing — there’s been very little work on remote attestation…until now.
Web Environment Integrity is Google’s proposal to integrate remote attestation into everyday web-browsing. The idea is to allow web-servers to verify what OS, extensions, browser, and add-ons your computer is using before the server will communicate with you:
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
Even by the thin standards of the remote attestation imaginaries, there are precious few beneficial uses for this. The googlers behind the proposal have a couple of laughable suggestions, like, maybe if ad-supported sites can comprehensively refuse to serve ad-blocking browsers, they will invest the extra profits in making things you like. Or: letting websites block scriptable browsers will make it harder for bad people to auto-post fake reviews and comments, giving users more assurances about the products they buy.
But foundationally, WEI is about compelling you to disclose true facts about yourself to people who you want to keep those facts from. It is a Real Names Policy for your browser. Google wants to add a new capability to the internet: the ability of people who have the power to force you to tell them things to know for sure that you’re not lying.
The fact that the authors assume this will be beneficial is just another “falsehood programmers believe”: there is no good reason to hide the truth from other people. Squint a little and we’re back to McNealy’s “Privacy is dead, get over it.” Or Schmidt’s “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
And like those men, the programmers behind this harebrained scheme don’t imagine that it will ever apply to them. As Chris Palmer — who worked on Chromium — points out, this is not compatible with normal developer tools or debuggers, which are “incalculably valuable and not really negotiable”:
https://groups.google.com/a/chromium.org/g/blink-dev/c/Ux5h_kGO22g/m/5Lt5cnkLCwAJ
This proposal is still obscure in the mainstream, but in tech circles, it has precipitated a flood of righteous fury:
https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
As I wrote last week, giving manufacturers the power to decide how your computer is configured, overriding your own choices, is a bad tradeoff — the worst tradeoff, a greased slide into terminal enshittification:
https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
This is how you get Unauthorized Bread:
https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/
All of which leads to the question: what now? What should be done about WEI and remote attestation?
Let me start by saying: I don’t think it should be illegal for programmers to design and release these tools. Code is speech, and we can’t understand how this stuff works if we can’t study it.
But programmers shouldn’t deploy it in production code, in the same way that programmers should be allowed to make pen-testing tools, but shouldn’t use them to attack production systems and harm their users. Programmers who do this should be criticized and excluded from the society of their ethical, user-respecting peers.
Corporations that use remote attestation should face legal restrictions: privacy law should prevent the use of remote attestation to compel the production of true facts about users or the exclusion of users who refuse to produce those facts. Unfair competition law should prevent companies from using remote attestation to block interoperability or tie their products to related products and services.
Finally, we must withdraw the laws that prevent users and programmers from overriding TPMs, secure enclaves and remote attestations. You should have the right to study and modify your computer to produce false attestations, or run any code of your choosing. Felony contempt of business model is an outrage. We should alter or strike down DMCA 1201, the Computer Fraud and Abuse Act, and other laws (like contract law’s “tortious interference”) that stand between you and “sole and despotic dominion” over your own computer. All of that applies not just to users who want to reconfigure their own computers, but also toolsmiths who want to help them do so, by offering information, code, products or services to jailbreak and alter your devices.
Tech giants will squeal at this, insisting that they serve your interests when they prevent rivals from opening up their products. After all, those rivals might be bad guys who want to hurt you. That’s 100% true. What is likewise true is that no tech giant will defend you from its own bad impulses, and if you can’t alter your device, you are powerless to stop them:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
Companies should be stopped from harming you, but the right place to decide whether a business is doing something nefarious isn’t in the boardroom of that company’s chief competitor: it’s in the halls of democratically accountable governments:
https://www.eff.org/wp/interoperability-and-privacy
So how do we get there? Well, that’s another matter. In my next book, The Internet Con: How to Seize the Means of Computation (Verso Books, Sept 5), I lay out a detailed program, describing which policies will disenshittify the internet, and how to get those policies:
https://www.versobooks.com/products/3035-the-internet-con
Predictably, there are challenges getting this kind of book out into the world via our concentrated tech sector. Amazon refuses to carry the audio edition on its monopoly audiobook platform, Audible, unless it is locked to Amazon forever with mandatory DRM. That’s left me self-financing my own DRM-free audio edition, which is currently available for pre-order via this Kickstarter:
http://seizethemeansofcomputation.org
I’m kickstarting the audiobook for “The Internet Con: How To Seize the Means of Computation,” a Big Tech disassembly manual to disenshittify the web and bring back the old, good internet. It’s a DRM-free book, which means Audible won’t carry it, so this crowdfunder is essential. Back now to get the audio, Verso hardcover and ebook:
https://www.kickstarter.com/projects/doctorow/the-internet-con-how-to-seize-the-means-of-computation
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai
[Image ID: An anatomical drawing of a flayed human head; it has been altered to give it a wide-stretched mouth revealing a gadget nestled in the back of the figure's throat, connected by a probe whose two coiled wires stretch to an old fashioned electronic box. The head's eyes have been replaced by the red, menacing eye of HAL 9000 from Stanley Kubrick's '2001: A Space Odyssey.' Behind the head is a code waterfall effect as seen in the credits of the Wachowskis' 'The Matrix.']
Image:
Cryteria (modified)
https://commons.wikimedia.org/wiki/File:HAL9000.svg
CC BY 3.0
https://creativecommons.org/licenses/by/3.0/deed.en
#pluralistic#chaffing#spoofing#remote attestation#rene descartes#adversarial interoperability#war on general purpose computing#canvas attacks#vpns#compelled speech#onion routing#owner override#stalkerware#ngscb#palladium#trusted computing#secure enclaves#tor#interop#net neutrality#taking the fifth#right to remain silent#real names policy#the zuckerberg doctrine#none of your business#the right to lie#right to repair#bossware#spyware#wei web environment integrity
2K notes
·
View notes
Text
"Video - The risks of stalkerware
"The risks of stalkerware
"GMA’s" Becky Worley explores the risk of the electronic surveillance applications."
#surveillance #Tracking #videoSurveillance #privacy #Antireport
#surveillance#tracking#video surveillance#privacy#invasion of privacy#antireport#spying#stalkerware#gangstalking#humanrights#ausgov#politas#auspol#tasgov#taspol#australia#neoliberal capitalism#fuck neoliberals#anthony albanese#albanese government#fuck the gop#fuck the police#fuck the supreme court#fuck the patriarchy#i.t.#infotech#information technology#class war#classwar#internet
0 notes
Text
هل تعتقد أنَّ هناك من يتجسس عليك باستخدام Stalkerware؟ إليك ما يجب القيام به
هل سبق لك أن تعرضت للمُطاردة والتتبع عبر الإنترنت؟ آمل ألا تكون ضحية لذلك ، ولكن حتى لو حصل شيء مُشابه لك ، فهل ستتمكن من معرفة حدوثه؟ من المُحتمل أنك لن تعرف ، لأنه من المعروف أنه من الصعب اكتشاف Stalkerware.
ولكن ما هو Stalkerware بالضبط ، وكيف يعمل؟ كيف يُمكنك اكتشاف Stalkerware وإزالته من جهاز مصاب قبل تسريب أي معلومات حيوية عنك؟ تحقق من ما هو Stalkerware وكيف يؤثر على هواتف Android؟
Read the full article
0 notes
Text
Stalkerware - La forma más común de Acoso Digital
Stalkerware – La forma más común de Acoso Digital
Estudio de la compañía revela que el 53% de los argentinos desconoce la existencia del stalkerware, aplicación que permite conocer la ubicación de alguien en tiempo real, leer mensajes y escuchar llamadas telefónicas sin su consentimiento (Fuente Kaspersky Latam).
Encontrar siempre a la misma persona en los lugares que frecuentamos o tener la impresión de que alguien está espiando nuestras…
View On WordPress
0 notes
Text
México, entre los cinco países con más casos de software espía en el mundo
El país latinoamericano subió dos puestos en la clasificación global de 2020 en comparación con el año anterior
El número de personas afectadas por el stalkerware sigue siendo elevado en México. Según el reciente informe de Kaspersky, "La situación del Stalkerware en 2020", los mexicanos ocupan el quinto lugar en el ranking mundial de víctimas de stalkerware (software espía) que, a pesar de ser comercializados legítimamente, están directamente asociados con el abuso y la violencia doméstica. En 2020, más de 1.500 usuarios en el país fueron vigilados por este software, según datos de la empresa de ciberseguridad.
Según la Coalición contra el Stalkerware, estos programas espías pueden facilitar el control, acoso, abuso y violencia en las parejas, siendo las mayores víctimas las mujeres. Dado a que este tipo de software funciona de modo invisible, los usuarios afectados desconocen que están siendo vigilados, o incluso que existe este tipo de software, lo que provoca impotencia por el lado de la víctima.
El informe de Kaspersky señala que el stalkerware es una forma de ciberviolencia, y un fenómeno global que afecta a países de cualquier tamaño, sociedad o cultura: Rusia, Brasil, Estados Unidos, India y México encabezan la lista de 2020 de países en los que se han detectado más usuarios afectados.
En comparación con 2019, se registró una ligera disminución tanto en México como en Brasil, lo cual, según expertos de la empresa, fue una tendencia mundial vinculada al período de aislamiento debido a la pandemia (con más personas en casa, había menos necesidad de vigilancia por parte de los perpetradores). Pese a esto, México subió dos puestos en la clasificación y Brasil mantuvo el segundo lugar a nivel mundial ya que partir de los meses en los que se aflojaron las medidas restrictivas en varios países, los casos retomaron el ritmo anterior.
"Vemos que el número de usuarios afectados por el stalkerware sigue siendo alto y detectamos nuevas muestras cada día. Es importante recordar que detrás de estas cifras hay historias de personas reales, y a menudo una súplica silenciosa de ayuda. Compartimos los resultados de nuestra investigación para crear conciencia sobre el problema y mejorar la protección en beneficio de los afectados por la ciberviolencia", comenta Judith Tapia, gerente de ventas de consumo en Kaspersky México.
En 2019, Kaspersky cofundó, junto con otras nueve organizaciones, la Coalición contra el Stalkerware, que ahora cuenta con 30 miembros de los cinco continentes. La Coalición tiene como objetivo mejorar la detección de stalkerware por parte de la industria, el aprendizaje mutuo entre empresas y organizaciones sin ánimo de lucro y la concienciación de la sociedad.
Además, en noviembre de 2020, Kaspersky lanzó una herramienta gratuita contra el acoso llamada TinyCheck con el fin de ayudar a las organizaciones sin ánimo de lucro a apoyar a las víctimas de la violencia doméstica y proteger su privacidad. TinyCheck es capaz de detectar el stalkerware e informar a los usuarios afectados sin que el acosador se dé cuenta. La herramienta cuenta con el apoyo de la comunidad de seguridad informática y se actualiza constantemente con la ayuda de dicha comunidad.
Los usuarios pueden comprobar si su dispositivo móvil tiene instalado stalkerware buscando las siguientes señales:
Comprobar los permisos de las aplicaciones instaladas: las aplicaciones de stalkerware pueden disfrazarse bajo un nombre de aplicación falso con un acceso sospechoso a los mensajes, registros de llamadas, localización y otras actividades personales. Por ejemplo, una aplicación llamada "Wi-Fi" que tiene acceso a la geolocalización es un candidato sospechoso.
Eliminar las aplicaciones que ya no se utilizan. Si la aplicación no se ha abierto en un mes o más, probablemente ya no se necesita; y si esto cambia en el futuro, siempre se puede reinstalar.
Comprobar la configuración de "fuentes desconocidas" en los dispositivos Android. Si las "fuentes desconocidas" están activadas en el dispositivo, podría ser una señal de que se ha instalado un software no deseado por parte de un tercero.
Comprobar el historial del navegador. Para descargar el stalkerware, el acosador tendrá que visitar algunas páginas web que el usuario afectado no conoce. También es posible que no haya ningún historial si el acosador lo ha borrado.
Utilizar una protección de ciberseguridad probada, como Kaspersky Internet Security para Android, que protege contra todo tipo de amenazas móviles y realiza comprobaciones periódicas del dispositivo.
Antes de eliminar el stalkerware de un dispositivo:
Tras encontrar stalkerware en el dispositivo no te apresures para eliminarlo, ya que el acosador podría darse cuenta. Es muy importante tener en cuenta que el acosador puede suponer un riesgo potencial para la seguridad y podría intensificar sus comportamientos abusivos como respuesta.
Contactar con las autoridades locales y las organizaciones que apoyan a las víctimas de la violencia doméstica, para que le ayuden y planifiquen su seguridad. Puedes encontrar una lista de organizaciones relevantes en varios países en https://stopstalkerware.org/es/.
Considera si quieres conservar cualquier prueba del stalkerware antes de eliminarlo.
Confía en tu instinto y haz lo que creas más seguro.
0 notes
Text
IPhONE WORLD 🌏📱
The iPhone was the first mobile phone with multi-touch technology.[4] Since the iPhone's launch, it gained larger screen sizes, video-recording, waterproofing, and many accessibility features. Up to iPhone 8 and 8 Plus, iPhones had a single button on the front panel with the Touch ID fingerprint sensor. Since iPhone X, iPhone models have switched to a nearly bezel-less front screen design with Face ID facial recognition, and app switching activated by gestures. Touch ID is still used for the budget iPhone SE series.
The iPhone is one of the two largest smartphone platforms in the world alongside Android, and is a large part of the luxury market. The iPhone has generated large profits for Apple, making it one of the world's most valuable publicly traded companies. The first-generation iPhone was described as a "revolution" for the mobile phone industry and subsequent models have also garnered praise.[5] The iPhone has been credited with popularizing the smartphone and slate form factor, and with creating a large market for smartphone apps, or "app economy". As of January 2017, Apple's App Store contained more than 2.2 million applications for the iPhone.
SECURITY
The iPhone is regarded by security experts as more secure against common malware than Android.[154]Less than 1% of mobile malware targets iOS.[155
#iphone 14#iphone and android owners warned of horrifying ‘stalkerware’ apps spying on everything you do#steve jobs#android#iphone xr#iphone wallpaper#smartphone#apple ipad#ipad air
0 notes
Text
iPhone and Android owners warned of horrifying ‘stalkerware’ apps spying on everything you do
iPhone and Android owners warned of horrifying ‘stalkerware’ apps spying on everything you do
IPHONE and Android owners have been warned about creepy apps that allow controlling partners to spy on their other half.So-called stalkerware apps can be installed on devices that jealous boyfriends or girlfriends have access to \- and they’re hidden from the home screen so
Read Full Text
View On WordPress
#iPhone and Android owners warned of horrifying ‘stalkerware’ apps spying on everything you do#News#Tech#Top#UK#US
0 notes
Text
#المقدمة#ما هي برامج التجسس(Spyware) والبرامج الملاحقة(Stalkerware)؟#أنواع برامج التجسس#كيف يتم تثبيت برامج التجسس#كيف يمكن معرفة ما إذا كانت برامج التجسس موجودة على جهاز كمبيوتر ما ؟#طرق أخرى للتجسس#كيفية التعامل مع برامج التجسس؟#كيفية منع برامج التجسس
0 notes
Link
Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored.
0 notes
Text
handsfree selfie i just "remotely" (from my computer the phone is leaned on) took using stalkerware*
this shit's scary
this is part of a long ass saga of a deep dive investigation into yet another big stalkerware network, which will be up as soon as possible on my blog!
*on a test device, i am not jeopardizing either mine or anyone elses privacy for research
support my work here
4K notes
·
View notes
Text
This day in history
I'm on tour with my new, nationally bestselling novel The Bezzle! Catch me in BOSTON with Randall "XKCD" Munroe (Apr 11), then PROVIDENCE (Apr 12), and beyond!
#15yrsago Why URL shorteners suck https://joshua.schachter.org/2009/04/on-url-shorteners
#15yrsago Heinlein’s house for sale https://web.archive.org/web/20090406105617/https://mcginnis.com/listings/detail.php?lid=41846127&limit=0&offset=0&aid=005900204&oid=005900002&temp=1057&aname=Sharon+Roland&aimg=1&chome=1&agent_hasfeat=2&&posc=6&post=10&cfq=elegant%3Dyes%26property_category%3D1%26county%3D41%26aid%3D005900204%26oid%3D005900002%26temp%3D1057%26aname%3DSharon%2BRoland%26aimg%3D1%26chome%3D1%26agent_hasfeat%3D2%26SRSearchDate%3D1238781456%26SRRecordCount%3D10%26SRPage%3D1%26SRPageCount%3D1%26SRPageLinks%3D6
#15yrsago Game industry exec celebrates 60+ hour work-weeks https://web.archive.org/web/20090405131359/playthisthing.com/mothers-dont-let-your-children-grow-be-game-developers
#15yrsago Nine year old’s survey project excluded from school because he learned some people don’t think of themselves as male or female https://thefourthvine.livejournal.com/102417.html
#10yrsago Britain is turning into a country that can’t tell its terrorists from its journalists https://memex.craphound.com/2014/04/03/britain-is-turning-into-a-country-that-cant-tell-its-terrorists-from-its-journalists/
#10yrsago Stop-and-frisk as the most visible element of deep, violent official American racism https://www.theatlantic.com/national/archive/2014/04/what-i-learned-about-stop-and-frisk-from-watching-my-black-son/359962/
#10yrsago David “Debt” Graeber evicted, implicates NYPD intelligence, claims revenge-harassment for OWS participation http://nielsenhayden.com/makinglight/archives/015820.html
#10yrsago Open net gets a huge boost in the EU: net neutrality and no roaming fees https://web.archive.org/web/20140405234420/http://www.marietjeschaake.eu/2014/04/mep-european-parliament-supports-proposal-schaake-to-enshrine-net-neutrality-in-european-law/
#10yrsago Cats of Tanglewood Forest: illustrated modern folktale from Charles de Lint and Charles Vess https://memex.craphound.com/2014/04/03/cats-of-tanglewood-forest-illustrated-modern-folktale-from-charles-de-lint-and-charles-vess/
#10yrsago House Science Committee: a parliament of Creationists, Climate Deniers (and dunces) https://www.scientificamerican.com/blog/the-curious-wavefunction/the-house-of-representatives-committee-on-science-is-turning-into-a-national-embarrassment/
#10yrsago Big Data has big problems https://www.ft.com/content/21a6e7d8-b479-11e3-a09a-00144feabdc0
#5yrsago 540 million Facebook users’ data exposed by third party developers https://www.upguard.com/breaches/facebook-user-data-leak
#5yrsago Elizabeth Warren proposes holding execs criminally liable for scams and data breaches https://www.washingtonpost.com/opinions/elizabeth-warren-its-time-to-scare-corporate-america-straight/2019/04/02/ca464ab0-5559-11e9-8ef3-fbd41a2ce4d5_story.html
#5yrsago How EFF’s Eva Galperin plans to destroy the stalkerware industry https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/
#5yrsago After years of insisting that DRM in HTML wouldn’t block open source implementations, Google says it won’t support open source implementations https://memex.craphound.com/2019/04/03/after-years-of-insisting-that-drm-in-html-wouldnt-block-open-source-implementations-google-says-it-wont-support-open-source-implementations/
#5yrsago After months of insisting that #Article13 doesn’t require filters, top EU Commissioner says “Article 13 requires filters” https://memex.craphound.com/2019/04/03/after-months-of-insisting-that-article13-doesnt-require-filters-top-eu-commissioner-says-article-13-requires-filters/
#5yrsago Notices at Intel press event seem to say attending photographers must assign copyright to all pictures and videos to the company? https://web.archive.org/web/20200616222543/http://mitchwagner.com/2019/04/02/video-consent-notice-posted-discreetly-in-a-couple-of-places-on-the-walls-at-the-intel-press-analyst-event-today/
#5yrsago Patagonia tells banks and oil companies that they can no longer buy co-branded vests https://www.buzzfeednews.com/article/katienotopoulos/patagonia-power-vest-policy-change
#1yrago The problem with economic models https://pluralistic.net/2023/04/03/all-models-are-wrong/#some-are-useful
14 notes
·
View notes
Text
Ahhh I did do (this NEET darling post) a while back! The answer is generally the same but to elaborate on a modern AU sort of thing:
Xiao appreciates it the most because, well, he IS a shut-in himself. Works from home, gets everything delivered, never goes out. A darling that's a shut-in themselves is a godsend because that means you won't be itching to get out to the same degree a normal captive would, and he can rest easy knowing that, as well as less dealing with annoyance from any begging or mean attitude towards him for keeping you inside. He will get upset, though, if you end up spending more time on a device than you do with him, and will confiscate the device if he feels you are not giving him adequate attention (although that's not the reason he gives, but it's pretty obvious anyway).
Zhongli appreciates it because he enjoys being a caretaker, providing for you and filling your needs so that you're dependent. If you're not a NEET, though, you're going to become one, because if you work from home or do online classes of some sort he'll be sure to put an end to that. It's unnecessary, you don't need to be working, and what good is schooling when you'll never need it? It's a waste of time and money. Instead, you can relax and do the things you want, your hobbies, shows and games, that sort of thing... won't that be nice, to never worry about needing to have your needs taken care of? In fact, while he'll still demand you spend some time off of it, he quite likes you being glued to a device. It's non-productive, which means you will be needing his provision for you... that being said, he also does set a screen time limit. It's bad for your eyes, you know. Oh, and you can get away with a bit more, seeing as he's not really familiar with how to monitor a device to begin with.
Finally, Albedo and Kaeya appreciate it simply because they are both the type that prefers you shut away, where he doesn't have to worry. The more compliant you are, the easier it makes things for them, you know? However, both are very, very insistent on monitoring your device activities. Kaeya will put one of those parental apps that lets him see your internet history and social media activity. Albedo goes a step further, buys a spare phone and connects stalkerware to yours -- the sort of thing that allows him to see your phone's screen activity in real time, every tap you make, everything you start to type but then delete, what you're scrolling through in your phone's gallery or notes, all perfectly laid out on the one he's holding, even when he's away working. So enjoy living with the knowledge that anything you're doing on your device at any given second could be being actively watched as you do it :)
146 notes
·
View notes
Text
on the topic not mad at anyone but mutuals if you see this in the future can posts relating to parental supervision software/stalkerware/spyware be tagged with "noc don't look" or smth like that 💖 i am trying to win at taking care of myself. will add this to my pinned
10 notes
·
View notes
Text
honestly nothing pisses me off more than stalkerware like ur such a bitch fr if ur installing that on ppls stuff. an absolutely deranged fucking freak if you will. & also if ur considering putting stalkerware on a romantic partners phone u need serious help, schedule a fucking therapy appointment bc there is absolutely no reason to violate another person so extremely cheater or not. there's other ways to find that kind of information out if u suspect infidelity, but violating someone so severely is not something u can ever come back from & I promise it makes u just as bad of a person as they may be bc ur leaving not only urself with long lasting paranoia & suspicion but that person too & thats not way for anyone to be forced to live
#also stalking is fucking illegal!! don't do that shit to anyone the psychological harm alone makes u a mega fucking ass#tw stalking
4 notes
·
View notes
Text
iPhone and Android owners warned of horrifying ‘stalkerware’ apps spying on everything you do
iPhone and Android owners warned of horrifying ‘stalkerware’ apps spying on everything you do
IPHONE and Android owners have been warned about creepy apps that allow controlling partners to spy on their other half.So-called stalkerware apps can be installed on devices that jealous boyfriends or girlfriends have access to \- and they’re hidden from the home screen so
Read Full Text
View On WordPress
#iPhone and Android owners warned of horrifying ‘stalkerware’ apps spying on everything you do#News#Tech#Top#UK#US
0 notes
Last Seen Blogs
morganterry601-blog
Executie
tetsuya1004
Tetsuya Life ~Watashi no nichijō seikatsu
craysys
EL HOY+18
mbjfict8a0y
Untitled
ladybardowl
Owl's Tumblings