Meeting the 'Russian' woman and going along with her irrational story and the suggestion of drugs being supplied and her 'loving' him all sounds like an exploitative relationship. Consistent with a sex trafficker.
Swapping SIMs (to change phone identity - albeit poorly) and only using for a few weeks indicates someone used to taking steps to avoiding tracking/identification. Not someone new to criminal activity nor evading detection.
Being overnight at homeless shelters suggests he was more likely exploiting women at these shelters rather than him being homeless and sleeping there (I'm astonished the filmmaker started for feel sorry for him at the idea he was homeless - that's just naive; this was someone already demonstrated to be heavily involved in criminality).
Trying to confront him at the property and finding an aggressive person with a strong smell of drugs at least gave a reality check. This is a dangerous criminal and it was reckless to go near him.
An older homeless man fits the profile just as easily.
> I'm astonished the filmmaker started for feel sorry for him.. that's just naive; this was someone already demonstrated to be heavily involved in criminality
I think you should spend more time in society of this astonishes you. We're an incredibly empathetic species, often going out of our way to connect with people and help them out. Especially when they are members of our communities.
Developing a connection with people you are viewing isn't even uncommon. Media and entertainment exploit this (and we love that they do) by getting us to connect with characters in TV shows and movies. Analyst and investigators are often encouraged and evaluated to ensure their emotions aren't effecting their performance, and victims of kidnapping often learn to love their captors. A young student feeling a connection with a man who appears to be on the outs is anything but astonishing, it's called being a human.
Of all of my short-comings, understanding this is not one of them.
How does his staying overnight at a shelter suggest this at all? If anything suggests that, it's his other behavior (which seems quite like circumstantial evidence, to me).
The russian woman was just one of his contacts, and they keep cover because they expect to be observed at all times. Constant contact with small amounts of uranium often makes people confused and irrational.
And it is very common for spies to smuggle in small amounts of uranium among refugees, and this gets picked up from homeless shelters.
They also often use the cover of drugs to hide the unique smell of uranium.
> If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
I did like the Finland never existed meme for instance, but I don't think it's really a HN thing.
Sex trafficker steals phone to stay off the radar or just a general homeless person steals phone, what's more plausible?
A sex trafficker that can't afford bus fare let alone a car? I feel like you need a car to be a plausible sex trafficker.
Or was that code?
What's interesting is that the same Girl-Power groups that push the trafficking narrative the loudest, are the exact same ones who will scream that it's 'her body, her choice' for pretty much any other situation including custody, abortion and reproductive rights, etc.
So the solution to the problem is to continue to maintain prostitution's illegality, or at least moral stigma, but just penalize and shame the men, while asserting that the women are just victims.
I couldn't find them in a google search, that is not surprising as is quite a topic, but a quick search brings that there are 40 million people involved in prostitution, and 4.5 million have been victim of sex trafficking. That gives a rough estimate of 1/10 prostitution related transactions directly involved with human trafficking, so the use of "vast majority" is called into question.
I'm just realizing, though, that what really irks me is that the GP is using himself some kind of straw-manning himself. I've never found an prostitution abolitionist that pointed to sex-trafficking as the "big problem" in prostitution. The big problem is always women who are drawn into it involuntary, or more precisely, would very much rather do any other thing in the world. Sex-traffic is not an straw-man, but an global expression of the worst face of prostitution, and some people would say that an incidence of 10% is enough reason for pushing for the complete banning.
The reason I didn't address the second point, or the rest of the comment, is that I'm not really interested in discussing what other people discuss on such a flamewar-baity topic.
4. Why did you feel sorry for the thief?
I started to feel sorry for the thief because I interpreted all of the data I got in a way which made me feel sorry for him. What if I wanted to see him as a criminal? Or a terrorist? The data would allow me to do that because some of his behaviour can be found suspicious. In the end I was actually shocked when I saw the guy in real life. He didn't look as lonely, sad and old as I thought he looked in the footage I took. Instead he looked pretty fit, smelled like drugs and came very aggressive and suspicious towards me. I saw this man every day, two weeks long so I thought I knew him. The para-social band I had with him (a one-sided band trough a screen) fooled me.
No, I never had the courage to actually try something like that. This phone hack seems like a modest equivalent with the exception that the phone could be unhacked by a forced OS wipe.
That said, the effectiveness of this as a surveillance tool was pretty eye opening. It seems possible that the criminal in this story steals phones every couple of weeks and puts their sim card into it, use it for a while, and then resell it. Which is pretty good operational security when you think about it (caveat keeping the same sim card) Mapping the meta data and contacts for this person then lets you know who else is in their community.
So with law enforcement powers you could presumably "seed" the stolen phone market with pre-compromised phones and develop a pretty quick understanding of who the criminals were, their infrastructure for moving phones around, etc. Which would make it pretty straight forward to roll up these criminal networks. Of course when it became known that the police were seeding the stolen phone market with 'mark' phones it would probably cut down on the number of phones stolen. But if you have prepared for that and are now supplying a line of cheap "new" burner phones in the shops that you have compromised. Well it is scary how effective that might be.
Now you tie that analysis with the fact that the Paris attackers all had burner phones and you start to see how such actions by the authorities would be justified to law makers.
However, it is worthwhile to know that he did disclose that he is a reporter, although the fact that he gave them free credit cards, but could not bring self to find further assistance leaves a bitter taste in the mouth.
That said, OP reminds me of two interesting DEFCON talks    re similar issues. In the contexts delivered in the talks, it seems permissible to say that the crooks were fair game.
1- DEF CON 18 - Zoz - Pwned By The Owner: What Happens When You Steal A Hacker's Computer (https://www.youtube.com/watch?v=Jwpg-AwJ0Jc)
2- DEF CON 23: Confessions of a Professional Cyber Stalker (https://www.youtube.com/watch?v=zVJGY2bZ-Ko)
3- bonus resource on how to set up something similar to Zoz's Inspired by the defcon hacker who found his stolen laptop... how to update for present day routers? (https://www.reddit.com/r/Defcon/comments/2428pf/inspired_by_...)
Edit: LCBO, in the article, is apparently the state-run liquor stores in Ontario.
I'm low on time right now and if I were to comment on it I am afraid I would omit important details. But the gist of it is that the student carefully made sure that privacy was kept intact, and that he carefully avoids a witch hunt.
In some countries, it is illegal for the police to do entrapment as part of their job. In some places its legal, but the fact that the accused got entrapped means that intentions are harder to prove, which then impacted the verdict.
Surveillance laws in turn generally don't cover this situation. If we ask our self if the thief has an reasonable expectation of privacy when stealing a phone, I would say no. If we ask if the thief has an reasonable expectation of privacy from a stolen phone, again I would say no. This leaves specific video video and audio surveillance laws, and I would say its quite unclear, through I suspect that commercial aspects could likely have some influence over it.
Apple has since deleted the account that my iPad synced with. I am completely unable to use the iPad after upgrading it to the latest iOS, as my account simply doesn't exist. I even tried registering an account with the same username/password combo. It registered, but the iPad won't have it.
If there is a way to circumvent iCloud protection, I'd love to know.
I gave my only iPhone 5 to my father, i had forgotten to disconnect it from my account and it was looked to a carrier. They "fixed" it in an hour.
I know there are paid tools for phone cellular network unlocking which do work, and I assume those have some kind of internal access. Don't have experience with icloud though.
People often make bad choices in their life. Sometimes it is easy to understand why, other times it is really obscure. It is my experience that even when someone makes such a bad choice, they rarely understand how bad it is. People are strangely optimistic in this way. People weigh alternatives based on the best case outcome. If an alternative does not give them what they want, they will disregard it out of hand -- even if it turns out to be the best course of action. Ironically they will consider it stupid to pursue something that has no chance of leading to what they desire. Instead they will dig themselves a pit they can't get out of.
Having done so, they will often remark, "It is so unfair. All I wanted was X, which should be everyone's right. Society has let me down so badly, why should I care about anyone else?" I remember being taught in high school that a tragedy is a type of story where the main character's own actions lead to their downfall. In that way, I have witnessed many tragic stories. I have, indeed, been party to my own personal tragedies.
I also believe that deterrents are not particularly effective in these cases (because people optimistically believe that the deterrent will not apply to them). I don't, however, believe that most people will make the same choices in the same circumstances. Neither do I believe that most people's situations are hopeless from the beginning.
Having said all that, I am powerless to act because I have no idea how to help people who make bad choices. I have a hard enough time doing it when people decide to choose some ridiculous framework rather than to write code. I hope, over time, we as a society will be able to help people like this more effectively, though.
The easiest way to install Cerberus as a system app is with the "Convert to system app" feature of Link2SD: install the app, open it, long-press on Cerberus in the list of installed apps and select "Convert to system app".
I had Cerberus installed for several years. I converted it to be a system app after watching the video. Now I secretly hope to be able to record something similar if it gets stolen.
After that you can set it to be run only with a specific number entered in the phone dialer, so the shortcut isn't visible in the app drawer.
You have to really know about Cerberus to find it, or be knowledgeable to re-flash the device when you steal it. That's what it makes it a very good anti-theft app.
Lifetime license otherwise costs 3$ for up to 5 active devices at the same time, so it's quite cheap. I bought it 4 years ago and used in on about 5 different Android phones, you can remove older unused devices to keep the limit down.
The main difference between this and other solutions or Android Device Manager is functionality to control the device over SMS commands. Because ADM is useless when the device doesn't have internet connectivity. Even when someone takes out your SIM and inserts another, Cerberus notifies you about the new SIM and sends you the number of it, so you can control the device over the new number.
Does he address it in the video?
In all cases, the criminal, not the student, determined where the phone was and whether it was in use or not (without permission). The student simply used his property where it was located, which is clearly his right to do. The property still belongs to the student. He has reasonable discretion to use it as he wills.
In the battle of "rights" it seems the student would be within his rights under the circumstances. This is not to say the student is within his legal rights: legally recognized rights have a long history of not correlating to any reasonable definition of individual rights. So the law may very well be in the wrong on this matter.
I'm very much for rights of privacy and the like, and a person should not be subject to search or eavesdropping without due process and probable cause. But this case seems very straight forward in terms of a criminal losing a right of privacy due to inviting another into his life. Wages of theft you could call it.
As with all these things, the issue probably comes mostly down to intent.
My comments where in context dealing with criminal and a victim. I made clear that the voluntary actions of the criminal are what made the subsequent actions of the victim justifiable as the victim didn't relinquish rights to his property. In your example the phone owner is the voluntary actor and the unwitting person coming after is the involuntary victim. Naturally the cases aren't on par.
It's all about expectation of privacy. You are not protected from invasion of privacy in a public place, because there is no expectation of privacy there. And I expect a jury would also find that there is no expectation of privacy when you break into someones home and use the bathroom or steal their phone/camera and take it to your own home.
And I'm not saying you can't take photographs in public places. What I'm saying is that the binary concept of "expectation of privacy" doesn't apply in the EU. Even in the street there are some protections, such as from CCTVs :
This means that cameras attached to a private individual’s home may, in certain circumstances, no longer be exempt from the requirements of the DPA under section 36. Those circumstances are likely to include where the camera monitors any area beyond the interior and exterior limits of that individual’s home. This would include any camera to the extent that it covered, even partially, a public space such as the pavement or street. (...)
If you have set up a live streaming camera available to the public so that they can, for example, assess which route to take on their journey to work based on the level of congestion, you should ensure that it is appropriately zoomed out so that individuals cannot be identified. If individuals can be identified then this will need to be justified and shown to be necessary and proportionate.
It may depend a lot on what state you're in. There are states with stronger statutes about camera surveillance and invasion of privacy than others.
(I'm talking about the US; I don't know what the situation is in other countries --- or rather, I know even less about it).
In some culturally regressive countries, the law is used to prosecute the victims of rape. Such law is wrong and immoral... but in those countries it's the law and as a real victim on a moral level you are not "safe" from the law as you say.
My argument about what is right and wrong comes from the fact that I do not lose the right to use my property when it is stolen and the criminal loses certain rights when they voluntarily commit a theft. Of course the likely most sensible case is to use tracking, monitoring, etc as you suggest to bring the criminal to justice. But, if you steal a device that can be remotely controlled and monitor you: you lose the right to privacy because part of your theft was to invite me (by way of my property) into your life. The victim didn't ask to be invited, but the criminal made sure the victim was there. By the way, there's a lot worse the criminal gives up at the moment of theft: the right not to be assaulted by me is lost... take my phone a start to run away, I may well cause you to trip and injure yourself to protect my property: I exercise retaliatory force to defend my property, and because you initiated force to take the phone (not necessarily direct violence) you loose the right to be protected from such action. Again: this is moral argument, not necessarily legal... there are plenty of laws around the world more willing to make a victim the criminal and the criminal the victim on criteria going well beyond any willful act (social status, group identity, etc.).
I'm not a lawyer, but it seems to me yes. The thief's right to privacy is being invaded. It's not because he broke the law that he suddenly no longer has any rights. Just like you can't shoot somebody just because he broke into your house (in Europe; I'm aware of the castle doctrine).
Also, you don't get to mete out the punishment if you're wronged, that's the role of the judiciary.
This seems to imply the owner's right to "access" their device ends at the moment of theft (or loss of physical retention of the device). I don't think that's clear. I'm not aware of any case law that deals with this, however, and it could be something we see in the future as, say, self driving cars get stolen and someone can remotely access the dashcam.
(I am also not a lawyer, so if there are any actual lawyers reading please chime in as I think this is a super interesting topic.)
I don't think it implies that. But the two rights are in conflict and need to be balanced. One does not automatically override the other in all circumstances. It would probably ok to access the phone to locate it, but spying on the thief like in the video seems to clearly cross the line of legality. Of course, this also depends on the jurisdiction...
Interesting. I wonder where on the spectrum things like trail cameras fall - those have become ubiquitous with hunters as motion sensors, flash storage and digital and IR camera technology has gotten cheap.
However, the author doesn't want viewers to try similar projects, and also did the project to inform people of the massive privacy issues concerning smartphones. From his FAQ:
"5. Why won't you teach us how to install the app like you did?
Besides theft, I wanted to make a point and start a discussion about privacy on smartphones without actually making a film that even mentions the word privacy. This is why the project should not be reproduced. I think the film makes the point, doing it again would be for entertainment purposes which I didn't.
I hope people who see the film will realize the risk of getting hacked on smartphones, by hackers and governments. On computers, most people use virus scans, install updates and some people even put tape on their webcams while almost nobody even considers how vulnerable a smartphone is, and what the implications of getting hacked mean. I think the film already created a lot of awareness and started discussions about it."
Also, quoting from his YouTube page:
"Anthony is a director, researcher and concept developer. In June 2015 he graduated from the Willem de Kooning Academy with his film Find my Phone. Anthony uses technology to tell stories in his work and has special interest in software and hardware development, hacking and privacy. He is currently working on developing a new documentary series and several other projects."
The above suggests this was just an art project. That doesn't mean it is exempt from law (personally, I believe he broke the law, and if you're interested wether this is true or not in NL I can highly recommend a lawyer, Arnoud Engelfriet, who might address the question on his blog), but it does show his intentions.
If that's what the law says, then the law is broken.
The concern is how it got stolen...
It is illegal to leave your car running while walking into a shop and coming back a minute later. Not sure about a good English translation, but you are urging someone to steal your car.
Depending on how his phone got stolen (it was a setup), he could be charged with something similar.
If they try to talk you into it on the other hand...
The card/account owner clearly has a right to know the activity on their card. The usage information are facts. They can't be copyrighted by either the issuer or the account holder. I don't see where any privacy rights for the thief come into play, they definitely did not agree to be bound the the account terms and conditions.
What could be true is if the account holder violated the terms and conditions by knowingly allowing someone else to use the card. I'm actually not even sure what my license agreement allows, but it wouldn't surprise me if technically I can't give my card to a spouse or child to use, instead the issuer wants additional cards issued to make sure anyone using the card is bound to the account contract.
These rights must apply to everyone. If you catch an intruder in your home, you can't tie him up and beat him with a crowbar, either. If someone attempts to mug you in the street, and you overpower them, you're not allowed to take money out of their wallet.
It's like feeling sorry for a rapist because he caught a venereal disease from his victim.
Director develops sympathy for him, even sends him free credits because the spyware is eating his bandwidth. Later goes to one of the thief's hangouts and realizes that in fact, the thief is a weird scary guy and not lovable at all.
Sequel hook: phone has been reactivated in Romania. Stay tuned for next episode. "Diversiteit is onze kracht."
I had a co-worker who had his iPhone stolen... and it ended up in some other country. He locked the phone (standard iPhone capability) and then got contacted by the new "owner". That person obviously didn't steal it (east coast US -> somewhere far away).
I'd worry about recording someone who simply bought a "used" phone on ebay - and the legal ramifications of such a move.
If you watched the video, you'd know. Also, from the FAQ:
"1. How do you know the guy in the pictures is the thief?
Please watch the film again, we were witnesses of the theft and filled a police report which described the person we later saw in the pictures. Besides that, there is a lot of supporting evidence for the fact the thief didn't sell the phone the fist few days. I won't go into to much detail now. If you don't believe that there is an other argument: The person who used the phone must have known the phone was stolen because it had all my pictures and accounts still on it for a whole week. If he bought it, which he didn't he at least could have known the phone was stolen because of that."
Personally? I can't agree that they "must have known"... I know PLENTY of people who have smart-phones and wouldn't know how to find pictures or be able to tell which accounts a phone was connected too...
Looking at the story (now that I've seen it), the phone also went offline for the first 4? days... that's enough time for someone to sell it and a "clueless" person to start using it.
While I assume it's illegal to buy stolen merchandise - knowingly or unknowingly... my basic question is still to the legality of recording someone using stolen merchandise to this length of time and level of detail.
You know this "Google" thing? You can look up the spelling there, if you don't remember countries names from school.
Under Dutch law you'd have to return the phone to the legal owner, there are a couple of very specific exemptions that would make you the new owner. So don't buy stuff that is too cheap, ask for the original receipt/invoice, check the serial number in the police database, etc. to make sure you are not knowingly buying stolen goods. You could get punished for that too.
If you could reasonably have known it was stolen (i.e. because of the low price) you can also be fined or criminally punished.
An unwitting buyer in good faith becomes owner of that phone, because the transfer of the good is, briefly put, valid (articles 3:84 and 3:86 sub 1 of the Dutch civil code). Now it's true that the original owner can revindicate (that is, 'claim back') the phone from the buyer (within 3 years and within some other small boundary conditions). This follows from the exception to 3:86 sub 1 in 3:86 sub 3.
I'm saying however that this right to revindication is irrelevant here. My point was (but again I'll freely admit upon rereading it that my wording didn't actually make this point), that the phone at the time of the spying was the fully, legal property of the buyer; and as such, that they have the full legal protection any owner has or would have. So you can't make a legal claim 'oh but that guy who bought it wasn't the owner so we could do with the phone as we pleased'. (Which is what I read as the worries about recording someone who bought a phone off ebay - the worry that the guy who did this could be legally committing the same 'thing' anyone else would be doing when abusing someone else's phone to spy on them).
(While I'm not technically a lawyer, I do have a Dutch law degree, although of course that doesn't make me all-knowing and I've often been wrong before)