Snowden helped design an app that turns your old phone into a surveillance device to help solve the "evil maid" problem


#1

Originally published at: https://boingboing.net/2017/12/22/snitchphone.html


#2

Will it also tell me if the maid “washed” the room’s drinking glasses by dunking them in the toilet?


#3

Maybe I don’t fully understand the stakes here. But it seems if you don’t want someone tampering with your hardware, it’s much easier and possibly more effective to keep it on your person or store it securely. I guess the drawback is that you don’t get any counter-surveillance on the person trying to compromise you.


#4

Not much concern for the maid’s privacy then.


#5

What reasonable expectation of privacy does the maid have in (a) a hotel room, (b) owned by her employer, (c) that is being occupied by a guest, (d) and to which she has been assigned cleaning work pertinent to her employment? I posit that the answer is close to zero.


#6

I was mostly joking, but I think this could be argued seriously. While she may not have a legal right to privacy at work, many people argue stringently against employees being spied on by employers (monitoring emails, internet usage, etc). I don’t think this is much different from that except that it’s not the employer doing the spying. From the point of view of a maid though, if I found out someone got clandestine footage of me picking my nose or whatever, I would be annoyed whether or not I worked for them.

Does your right to data security trump the expectation by the maid of not being secretly filmed? Maybe, but it’s not irrelevant.


#7

The misdirection here is proposing a generally accepted use for what is essentially a general purpose surveillance device. Like saying you are making a gun that only shoots bad guys.


#9

What about the various laws related to recording people without their consent or knowledge? Couldn’t you get in legal trouble using an app like this in a hotel room? Is a hotel room you’re occupying given the same consideration as your home?

I guess for that matter how do laws like that affect things like dash cams or drone footage or head-mounted GoPros? Maybe since those seem to get a pass this would as well.

Maybe the laws I’m referring to only apply to very specific scenarios (e.g. recording a phone conversation), leaving everything else up in the air unless contested in court?


#10

One assumes that this is an app that could easily be reverse engineered and wiresharked, so this isn’t really relevant. Also, when it comes to security, history shows that ad hominem is not terribly effective as a security test.
Perhaps BlackBerry could develop a version for all the old BB10 phones lying around. They would have pretty good security. I’d suggest WinPho but Microsoft seem uninterested in it.


#11

The major concern here would seem to be the fact that old and/or cheap Android devices tend to… leave something to be desired… when it comes to security; and in ways that aren’t readily fixed short of a full firmware upgrade that they will never receive because their blobby BSPs have been completely abandoned and certainly never upstreamed.

They might not get to your laptop; but with an internet connection camera-and-mic widget running a worm farm available your privacy is unlikely to win.

I’m not sure why there doesn’t seem to be any vendor of lousy SoCs that realizes that maybe they could move more units by playing nice (it’s not as though the Raspberry Pi won on performance or cost; it’s the alarming fact that Broadcom is actually atypically friendly by the hellish standards of the genre); but until that happens including a burner phone in your security plan seems risky.


#12

I suggested using BB10 devices above, but a better answer might be to choose one of the AOSP distros and a few popular phones, then produce images which simply have many of the attack vectors omitted, including the Play Store, mail client, and a few other things I can’t immediately call to mind. I’m thinking of the hardened version of Xubuntu I designed some years ago whose job was to collect SNMP data and relay it via XMPP. By the time I finished there wasn’t much that could be done with it other than turn it on and configure it through the control panel.


#13

> it is likely to generate a lot of false positives (because chambermaids have totally legitimate reasons to move things around as they clean)

The example use case they presented was to put the phone in the hotel safe - not a place anyone other than you would have any legitimate reason to disturb.

The device is designed to treat every disturbance as suspicious, so obviously it will generate lots of false positives if you put it somewhere where disturbances are common. That’s not a problem for the app to solve though, that’s a question of the user’s tradecraft.


#14

Cameras in hotel rooms, what could go wrong?


#15

I’d probably buy a laptop as the batteries are getting better, but then I don’t think that writes off the problem of keeping secure since it appears that carrying anything electronic is going to be targeted.


#16

Position a dozen Elves on the Shelves around the room. And a hidden camera to catch the reaction.


#17

Recording in public places is legal, no consent needed. So dash cams are safe legally.

Recording someone, where they have a reasonable expectation of privacy, is where laws vary. I think since the recording is being used as an alarm, it’s less likely to be an issue.

In the end, I’d rather know my equipment was tampered with, than worry about recording laws.


#18

Keeping the hardware on your person can be very risky in certain parts of the world; it’s also unacceptable to bring anything larger than your phone to certain social functions. At some point you’re either going to need to trust someone else, or leave it locked in the safe. And hotel safes are always accessible to the hotel’s security or maintenance personnel.

So you can either harden the hardware against physical attack, or try to prevent it from being compromised by the maid.


#19

It may depend on whether you’re recording video only, or video and audio. Audio recording has more strict consent laws than video in general. This is why many in-home surveillance cameras (nanny cams) and taxi/Uber security cameras record silent video.


#20

Sounds cool. I just wish I could get those Kremlin fingerprints off of it.

