this post was submitted on 08 Jul 2023
261 points (100.0% liked)

Privacy Guides

16746 readers
2 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 

Does anyone know how this even works? Is the technology for this already in place?

top 40 comments
sorted by: hot top controversial new old
[–] [email protected] 43 points 1 year ago (5 children)

Commented on this article in another thread

https://beehaw.org/comment/586170

Looks like there are caveats to this law:

You would need to be a suspect in a crime that has a punishment of 5 or more years in prison in order for the phone to be geolocated.

For video/audio you need to fall under the definition of organised crime or terrorism.

[–] [email protected] 48 points 1 year ago* (last edited 1 year ago) (1 children)

Sure, the issue is that, with no transparency, cops will use it even if they are just courios what they friends are doing. This is already known to happen in the US, where cops used it to stalk their SOs or even in extreme cases women they were starting to date.

If they already have the technology in their hands, there is no way to stop them.

[–] [email protected] 10 points 1 year ago (3 children)

Technically needs judge's approval

[–] [email protected] 23 points 1 year ago

Once the tech is in place it can and will be abused. Also, non-police can find how to access the backdoor.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

They should also need it in the US. The issue is, that if the tool is in the hands of the cops, there is no way to check who they spied on (and therefore if they had warrant).

At least if it was executed by a comercial entity, they can check the warrants and be liable if they do it without one. But that is very likely not how it will be implemented. The cops will get the tools to do with as they please.

As an example, one state in the US (forgot which one) put in a law that requires the police to submit every data search warrant into a public database so that they could be audited by the public. After they compared the contents of the database to number of requests in companies transparency reports, it turned out there were over 5 times as many requests in the state then what was reported in the database, despite reporting being required by law.

[–] [email protected] 2 points 1 year ago (1 children)

I really hope the power isn't abused. The second it is it will lead to more riots and even though I have in no way been directly affected where I live, it is a pain to get messages from friends abroad asking "Why is France on fire again?"

[–] [email protected] 5 points 1 year ago (1 children)

On one hand, I do want to ask why Frebch people love setting France on fire so much. On the other hand, when shit like this passes as laws, I wonder why we are not setting our countries on fire...

[–] [email protected] 2 points 1 year ago

I've lived here since 2006 and I haven't met a single person that participated in any of the riots, which are offshoots of sanctioned strikes and do not represent France as a whole. I've had some students that strike for the environment or maybe do walkouts.

The closest I came to one was a strike about police violence and I happened to be in a café and had to evacuate because of year gas. In that instance, it turned out the person they were striking for lied.

So, I can't say why they want to destroy stuff.

[–] [email protected] 10 points 1 year ago

A back door is a security vulnerability, even if the police never abuse such a power.

[–] [email protected] 19 points 1 year ago (1 children)

After a terrorist attack, emergency state was declared (nomally used in case a war actually put the survival of the country's institutions in jeopardy). First use of the extra-powers: assign some targeted pacific climate activist at home so that there would not be a protest during the COP.

Anti-terrorism bill was passed some time ago. It was used to repress the protests against the retirement bill, literally banning anyone from carrying a saucepan in the street (ban of "noise emitting devices") during a protest.

Climate protesters have been labeled "eco-terrorist" even though they never put nor attempted to put anyone's life in danger.

France is under requests from the UN for fixing severe issues regarding right to protest, police excessive violence and systematic racism in the police force. France is taking a dire path, joining Hungaria, Turkey in authoritarism, maybe evolving to a clone of Russia, as there were hint of a will to change the constitution to let Macron run again after his second mandate.

I have 0 trust this bill is intended to be used for severe crimes. It's another attempt to control and repress.

[–] [email protected] 3 points 1 year ago

Yep some of my friends left France in part for that reason - the government and police are becoming increasingly authoritarian and they left not wanting to wait for things to get worse. And they're just super nice, normal people but they could see the wiring on the wall. 😞

[–] [email protected] 10 points 1 year ago (2 children)

It's so stupid that beehaw defederated from Lemmy world.

[–] [email protected] 4 points 1 year ago (1 children)

Such is the power of federation. Beehaw can choose to do so, and it'll be interesting to see how the fragmentation issue plays out

[–] [email protected] 4 points 1 year ago

Yeah, I get it. It just seems like admins making a decision for an entire instance of users that they can't see the most popular instance anymore.

It was the first instance I joined too, which is the only reason I think about it. But Lemmy World so far is awesome and doing great things for Lemmy.

[–] [email protected] 2 points 1 year ago

You can always use Kbin instead which is still federated with all.

[–] [email protected] 9 points 1 year ago

Those caveats are just to get the laws passes.

Online piracy already carries punishment up to 3 years. All it takes them is make a law that technically holds 5 years but gets pardoned in practice.

Labeling someone a terrorist can be as simple as “collective undertaking with the aim of seriously disturbing public order through intimidation” aka protesting..

[–] [email protected] 1 points 1 year ago (2 children)

Oh ok then, that’s fine. I’ve got nothing to hide.

[–] [email protected] 9 points 1 year ago (1 children)

Ur comment is probably /s, but username does not check out for having an alt account with "nothing to hide" :D

[–] [email protected] 1 points 1 year ago

lol, I’m using my alt bc beehaw seems to be acting up rn, but it made for a happy accident.

[–] [email protected] 7 points 1 year ago

Ha, I'm sure... They'll spy the heck out of everyone. At the judge's discretion, of course 😉

[–] [email protected] 18 points 1 year ago (3 children)

I’m not aware that either iOS or Android support this.

I see two options:

  1. Apple and Google build requested backdoor access, which I don’t think they want to do.

  2. The police get physical access to the phone temporarily to install a hidden app on it. Possibly using an insider.

  3. Bad guys buy pre-backdoored phones from cops. See the ANOM story. https://arstechnica.com/tech-policy/2021/06/fbi-sold-phones-to-organized-crime-and-read-27-million-encrypted-messages/

I have not read the bill but I’ll guess they are legalizing #2.

[–] [email protected] 6 points 1 year ago

DROPOUTJEEP .... "A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."

https://en.wikipedia.org/wiki/ANT_catalog

[–] [email protected] 5 points 1 year ago

Yeah, if this can be done remotely then all smartphones by design are very insecure devices that shouldn't be trusted to doing card transactions or entrusting with password management and two factor authentication..

I wish they would go into more detail on the how of remote activation is made. Is it a law saying it is okay to do if it becomes possible? Is this through an exploit that was found and requires physical access to the device to initiate, or is it just a setting present on all phones by default.

[–] [email protected] 2 points 1 year ago

I've seen this news published at a few different places, and IIRC they plan to use already existing exploits. You can read a bunch about what could potentially be used on the grapheneos website, specifically on how the modem and cellular network stack is very highly privileged on android at least, and it is very likely that most cellphones are vulnerable to some kind of code injection via a stingray, for example.

[–] [email protected] 15 points 1 year ago (1 children)

Ever hear of backdoors and a little spyware called Pegasus? Technology is already in place and NSA has been doing it since 9/11. All this spyware and it isn't even effective.

[–] [email protected] 7 points 1 year ago (1 children)

Pegasus uses exploits which are getting discovered and fixed. In theory, it’s getting harder for that model to work. Apple’s Lockdown mode defends against it for example. Very different from a sanctioned backdoor.

[–] [email protected] 1 points 1 year ago

Yeah I wouldn't be surprised if Pegasus was being fixed. It's been around for years now. But there will still be 0 days. They're called 0 days because nobody knows about them yet.

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (1 children)

On a related topic: anyone know if there are any cell phones that come with a physical switch to disable the camera and mic

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

I only know about pinephone and, liberty phone and librem 5 from purism.

[–] [email protected] 8 points 1 year ago

Librem 5 and liberty are the same phone and are horribly overpriced. At this point I'm surprised it's not just a literal grift like the other 'murica phones people tried selling to the American right wing.

[–] [email protected] 10 points 1 year ago (1 children)

What the hell is happening over there??

[–] [email protected] 12 points 1 year ago (1 children)

People are already pissed, so why not push through a crazy privacy invading law.
What are the citizens going to do? Riot?

[–] [email protected] 13 points 1 year ago

What are the citizens going to do? Riot?

Considering this is France, you'd think those at the top would be more aware than anyone of the risks of pissing off your citizens, but looks like they've become too comfortable and are practically begging for a refresher crash course..

[–] [email protected] 6 points 1 year ago

The Court of Justice if the EU will very likely disallow the use of this authority in the future, but it often takes time to litigate in court up to a point where an organization can proceed to the EU Court.

It's a terrible way of politicians trying to circumvent fundamental rights, even though their goal always is to prevent crime. The simply pass the bill, wait until it becomes law, start doing their business, claim victory and then complain the EU Court disallows it.

Sigh.

[–] [email protected] 2 points 1 year ago (1 children)

Fuck yea buddy, the CIA has had a backdoor to every cell phone since the first cell phone

[–] [email protected] 5 points 1 year ago (2 children)

I’m unfamiliar with evidence to support any sanctioned CIA backdoor.

[–] [email protected] 6 points 1 year ago

Snowden.

A good starting point is here:

https://en.wikipedia.org/wiki/ANT_catalog

For example:

DROPOUTJEEP .... "A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."

And here:

https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)

[–] [email protected] 3 points 1 year ago (1 children)

The NSA had a program called DROPOUTJEEP according to an article in Der Spiegel. Think it came out with Snowden? Fuzy on details but you can look into it. It did include camera access but i dont think it could be installed remotely. Id be surprised if theres anything the NSA cant intercept but thats obviously what they would want us to think and Im just a guy.

[–] [email protected] 5 points 1 year ago (1 children)

There will always be spies working with exploits, which is different from a sanctioned backdoor.

I doubt the tech used in DROPOUTJEEP works anymore.

[–] [email protected] 2 points 1 year ago

Ah i see what you’re saying. No I dont think apple provides a known backdoor to french police.

load more comments
view more: next ›