EFF's full-page Wired ad: Dear tech, delete your logs before it's too late

Oh dear. I see what you mean.

3 Likes

Holy cow! I was going to carefully read some posts there with an open mind but then for some reason I couldn’t stop thinking if I, you know, GOT FOOD? I had to leave the site to go check the bunker.

4 Likes

Some laws are made to be broken. Especially that one.

3 Likes

What does delete your logs even mean?

I assume the EFF is referring to server logs, where IP addresses and other information are associated with individual requests. You could use this information to help pinpoint real folks. Logs are usually kept for a short time and deleted, but some companies might keep these around for much longer.

Besides sites where you volunteer your personal information, ad tech companies are the ones who collect the most behavioral information on users. ( See how they collect it ) It’s how they make money, by categorizing target groups and allowing ad-buyers to bid on :eyes:. In theory they create pseudonymous user ids that are not tied to any personal identifiable information(PII), but should rules change or folks not adhere to guidelines, this could be pretty damaging.

It’s still very easy to store too much user data in pursuit of a feature. Think of Uber’s or Google Map’s location data. Useful to the feature, but harmful if stored in perpetuity and queried against.

I’m also curious to see how the IoT shape up. They’re usually pretty poorly secured, and some devices are literally just always-live mics in your house. I assume companies keep recordings of some commands just for better performance or QA purposes, but again can be telling if folks use the data in a different way.

4 Likes

Your cellphones, both smartphones and dumb phones alike, are already live mics and, depending on placement, live camera feeds. But they at least are more centrally controlled and subject to a few shreds of oversight. IOT things, OTOH, are the wild west and come with no centralization to speak of. So many little companies, easily coopted into giving access to whichever strong-armed acronym agency asks for it.

Hell, were I running the CIA (or any of the well-funded intelligence agencies), I’d start up a couple tech front companies specializing in really good IOT products. No one’s going to suspect it, and you’ve got complete access in whatever flavors your suspicious little heart desires. China is already doing this, no reason the good ol’ US of A can’t do the same thing. ((shudder))

1 Like

Your cellphones, both smartphones and dumb phones alike, are already live mics and, depending on placement, live camera feeds. But they at least are more centrally controlled and subject to a few shreds of oversight.

It’s definitely true that we’re walking around with computers in our pockets with mics and excellent cameras. That’s certainly its own issue. Besides concerns about any backdoors, or rooted phones, these phones are already subject to man in the middle attacks from IMSI-catchers that local/state US police agencies use with almost no oversight and mostly without warrants.

Hell, were I running the CIA (or any of the well-funded intelligence agencies), I’d start up a couple tech front companies specializing in really good IOT products.

:wink: Sounds like a lot of work and money. Wouldn’t it be easier to infect devices by using factory default usernames and passwords? The lack of thought here for basic security of things that connect to the internet is mind boggling.

This topic was automatically closed after 5 days. New replies are no longer allowed.