Having a hardware embedded unique ID that can be (is) used for tracking a known persons location at all times is probably the most intrusive privacy violation we've ever had. That we willingly carry these things around and naively throw the repercussions out the window is the result of the death by a thousand cuts.
We've long lost the war on privacy.
Meanwhile, nobody has ever said anything about the serial numbers of hard drives, GPUs, motherboards, RAM modules, Ethernet MAC address, etc, etc, etc. Nowadays, basically everything comes with one UUID.
Pretty illogical, isn't it?
> We've long lost the war on privacy.
Agree. I understand UUID is important in engineering for many purposes, but the fact that nobody is talking about it anymore (because they are nothing when compared to more severe issues like fingerprinting) indicates we've long lost the war on privacy.
It’s not like any of these are phoning home (I hope), or married together, so there’s nothing to kill clones.
It will be an amazing video, but good luck if the device in question has (very likely):
* a mask-ROM / OTP-ROM for a serial number - almost all microcontrollers and EEPROMs sold nowadays has at least one permanent and unchangable UUID for hardware tracking and DRM implementation (security-through-obscurity tricks to prevent rogue competitors from copying your firmware).
* "firmware read-protection" - which means the only way to dump the EEPROM is performing a full-chip erase and destroy the entire firmware, commonly used in embedded systems to stop rogue competitors from copying your firmware.
In many cases, this isn't for anything user-facing. Unique ID chips can be very useful for detecting factory-overrun counterfeits ("oh, your $widget does this notable, nonfunctional behavior? Where did you purchase it, perchance?").
Firmware is largely closed-source, so all you can do is hope.
When purchased, it had an IMEI of all zeroes, and came with a step by step guide to setting the IMEI from my old phone into it.
Apparently that works around phone providers who blacklist or whitelist certain manufacturers.
It's an awesome Chinese $50 android phone.
Because it hasn't passed all the network tests, most mobile networks would block an entirely random IMEI, so they suggest you type in the IMEI from your old phone (as long as it's 4g - if it isn't, they have a support email address you can contact and they'll give you an IMEI that works in your country)
Even the legit Umidigi A3 Pro's (which cost $80, and have proper certifications) have an 'imei change' tool.
Let's not forget every single page printed by a color printer.
BTW, how does Windows hash your hardware serial numbers for DRM nowadays? I haven't used and checked it for a long time. Is it still the harddrive and the motherboard?
Don't run spyware on purpose.
Couldn't that be ... any software?
My impression is that there used to be more awareness, concern, and forward-looking/vision about such things.
(I even recall techies being shunned for doing the tiniest fraction of invasiveness/recklessness that some major companies do today, yet those companies are now regarded as prestigious places for techies to work.)
I remember uninstalling software and dismissing it as spyware for just phoning home. The very idea of a program regularly pinging some remote host to indicate the your machine was turned on and connected to the internet was offensive. Now basically every program does this, usually excused as checking for updates.
I think a lot of the problem was as it got easier for people to get online more and more people were using the internet who didn't understand the technology or how it could be used against them. They didn't care about anything but checking sports scores and online shopping and it let companies get away with taking advantage of them in ways the old nerds would never have accepted and once those nerds were vastly outnumbered by people who didn't know or care about privacy abuses the nerds no longer mattered.
But how have I formed this perspective, about a social trend? It's my own extrapolation based on... anecdotes and social media, I guess. So it's hard to know if that picture (the before, after, or how things may have changed) is accurate.
You should look for tutorials on Wireshark or better yet get a Pi-hole and block ads over your entire network while you get trustworthy stats on where your traffic is going. That's probably the easier and more useful option. Casual packet inspection used to be much easier. Common traffic like HTTP, DNS, or SMTP are increasingly encrypted, but it used to be that you'd see everything pass over the wire plainly. A lot of the data companies send home is encrypted too so you might be able to identify which apps or programs are generating the most traffic or sending it to same shady destinations, but don't expect to see what data they are collecting from watching the network.
Windows at least lets me mark a Wi-Fi network as metered today, which is a kind of global suggestion that "unnecessary downloads literally cost me money" - but I don't even know how much software except the OS itself cares.
So does the future belong to those who can administer the "thousand cuts?" In 2019, that means those who own the Cloud server farms and control the organizations that hire hordes of programmers. Does that mean that privacy is dead by an inexorable process? Doesn't that imply that individual liberty is also, eventually, dead?
How can we, the people, administer the thousand cuts?
>Doesn't that imply that individual liberty is also, eventually, dead?
>How can we, the people, administer the thousand cuts?
Stop carrying a cell phone.
There was a brief period of time, from 1990 to 8:40 AM, September 11th, 2001, when you could do all sorts of stuff online, and the powers that be either didn't, or couldn't, monitor it. That's changed, and that freedom will never come back.
However, no matter how bad the modern surveillance state gets, contrast it to the ancestral environment: a village of 50 to 200 people, most of whom are related to you, watch your every move, and can determine if you live or die. Hunter gatherers don't even have a word for "privacy". It would take real creativity for things to get that bad today.
The belief that September 11 brought in the dark times overlooks the actual history of things. The European Parliament’s ECHELON report, which detailed American massive interception and storage of internet and other electronics communications, was released in 2000. John Young’s website Cryptome was discussing the same stuff pre-9/11 that you found from people like Bruce Schneier afterwards. The revelations may not have been as big in the news like Snowden later, but it was well known that the NSA had rolled out extensive surveillance already by the turn of the millennium.
It is easily as bad or worse. Those 50-200 people knew and cared for each-other, and depended on each-other, and the surveillance was bidirectional. Whereas now you are monitored by actors almost entirely beyond your reach, that will feel no remorse in crushing you, should the command be given by whoever is in control.
Which may ultimately be a poorly tested, bias-ridden bit of AI code.
Rather than 1984, the future we need to worry about will probably be more like something from Kafka.
This morning, I learned of a YouTuber with zero strikes, who followed all of the stated rules, who proactively deleted all of his demonetized videos, and yet still had his channel deleted. (1) If you talk to YouTubers, many of them, even mainstream ones, especially successful ones, will tell you that being governed on that platform is indeed Kafkaesque.
(1) - Black Pigeon Speaks. All of his opinions that I listened to were trash, but I still think he had the right to express them.
It already is controlled by a poorly tested, bias-ridden, strange AI system, called the market.
How about stop using the Internet, driving a car, and participating in the economy? I don't think that helps.
And then people go to extremes with Tor, Noscript, Bitcoin and the like which would be completely unnecessary if the basic privacy requirements were fulfilled.
A bit of unnecessary FUD alarmism here. Seems like today's answer is no, probably not. It's just very difficult, requiring (i.e.) policy changes and mass adoption and transparent phone companies willing to not do dirty things with cellphones. I still think humanity can figure something out, people just have to step up.
The IMSI identifies the subscriber (and/or the SIM card) even if you change phone.
As long as people are able to call and be called and as long as people need to be billed there has to be a reliable form of identification.
This is not an "intrusive privacy violation", it is, as you point out, a technical requirement of our willingness to be reachable and most people think that the benefits far outweigh the very limited drawbacks.
Secrecy of user nyms is trivially solved by existing mix networks (eg TOR onion services). Network access/billing could be solved by blinded signature tokens or some other untraceable bearer instrument. Implementing latter would take cooperation from the network provider, or at least an MVNO and SIM manufacturer, but it is indeed possible.
This is the danger inherent to full enumeration of the technologically enabled envelope. This is also the danger of the "market"; as it incentivized the ability to clearly specify the "who" of the customer.
It's why I've been getting increasingly uncomfortable with the economic push away from cash as the primary medium of economic exchange.
The death of the payphone marked the beginning of the end for infrastructure that wasn't in some way dependent or useful as a means of user surveillance.
If you are friendly with SA you can put pressure on them to improve. If you declare them an evil enemy would the outcome be better?
There is a path to walk and it is not easy to find the right one when you have to deal with reality not just idealism. The natural resources in the middle east are important to the world and it is not so simple as an 'us vs. them' because there are many entirely separate interests in the region and we play them off each other.
Maybe it would be better to do a Star Trek style prime directive of completely cutting off countries until they have a certain level of social development, but you would have to come to terms with knowing bad things were happening and actively deciding to do nothing.
> There is a path to walk and it is not easy to find the right one when you have to deal with reality not just idealism. The natural resources in the middle east are important to the world and it is not so simple as an 'us vs. them' because there are many entirely separate interests in the region and we play them off each other.
> Maybe it would be better to do a Star Trek style prime directive of completely cutting off countries until they have a certain level of social development, but you would have to come to terms with knowing bad things were happening and actively deciding to do nothing.
If the US was friendly to all countries in order to exert pressure on them this might make sense, but in light of actual US foreign policy with respect to North Korea, Iran, etc. it's completely absurd to pretend that the US is being friendly to SA as a means to effect change.
Agreed. Also, where's the change? It feels like I've been hearing the same thing about SA since I was a kid.
I lament the position of these women. I lament the position of a lot of men and women in the Kingdom. But the best I can do for them is to vote for politicians who won't support bloodthirsty tyrants like MBS. That's all that most Americans can do for those people. We're not a bad people, we're just ruled over by elites with no conscious. There's a difference.
People said the exact same thing with China 40 years ago. Nobody is pressuring on them to do anything and they couldn't care less.
Why do you think the royal family constantly panders to religious extremists? they are actively spreading the most orthodox version of Islam in every charity and mosque they finance.
They (the royal family) couldn't care less what the "west" thinks, they know western leaders are as corrupt as they are.
hm? china went from the deaths of the cultural revolution to a working society which is now, in certain regards, miles ahead of others. the massive advance of this society is due in no small part to countries such as the US (trade) and the UK (HK).
At some point after “peak oil” SA seems likely to experience extreme social upheaval - perhaps even revolution or civil war. One hopes that this could serve as a catalyst to build a more tolerant and inclusive society.
This is true.
"US policy makers seem to view them as a necessary evil until we transition to renewable energy."
This is false. There is nothing at all necessary nor evil, relative to the United States. We use the middle east to establish a protection racket on oil flows to the rest of the world.
The United States gets zero, or near zero, oil from Saudi Arabia. The same is true for the UK which gets oil, almost exclusively, from the North Sea. We don't need Saudi Arabia for anything - certainly not as a "bridge to a renewable future".
We choose to hold the rest of the world (particularly Europe and Asia) at gunpoint with a "nice flow of cheap energy you have there ... sure would be a shame if anything happened to it ..."
"At some point after “peak oil” SA seems likely to experience extreme social upheaval ..."
A reduction in Saudi production increases prices everywhere.
There is also the Israel question which makes the US position pretty complex.
Yes. The world would be a better place if people did the right thing. It's not complicated, really. In this particular case: see a regime that dismembers journalists and hunts women who "run away"? Don't deal with that regime, or anything that is related to it.
To point out the obvious, invading other countries, bombing "terrorists" without due process, meddling in affairs of people across the globe, increasing oil production and doing nothing about the upcoming climate catastrophe should all be considered as "NOT the right thing to do".
Of course, with a statement like that, there will always be plenty of butsayers. "But..." [and here goes a list of various muddy reasons why everything is relative].
I'll start off by saying that in a world without Saudi oil, the world economy will collapse, and the economic prosperity implicitly assumed by our modern progressive values will evaporate, leaving us with a Stone Age economy and the Medieval values that come with it.
Funny :-) This is 1) untrue, the world can do very well without Saudi oil, and in fact our future would be better without it given the upcoming climate catastrophe, and 2) exactly the kind of muddy scaremongering reasons I expected.
Just do the right thing. In the long term, we'll always be better off.
False dichotomy, one could simply maintain distance. We do declare Iran to be an evil enemy despite the fact that Iran has considerably more in common with the US than SA does: it's quasi-democratic with an established religion, has considerably greater social and economic diversity, occupies a superior strategic position, and rests on a vastly more solid historical foundation.
Let's fix that. X-Prizes for not using oil, but something else renewable.
Or generally doing any number of the malicious and horrendous things we do here in the U.S.
Well, the West went and took down the regime in Iraq, but some think that didn't go so well, either. SA is ruled by a clan and king, so it's not a full theocracy at least. If you go and perturb things, there is also room to make the situation worse.
Also, it's clear that sanctions are a much more powerful weapon than invasion. Western sanctions (or embargo) on SA oil would certainly put them in a tight(er) spot.
Of course, it COULD be bad. Real bad. Hand-waving away such concerns is irresponsible. Having a major oil source friendly to an often hostile nation could have real, even deadly drawbacks.
But so too does always turning a blind eye. If we had gotten into this relationship and worked to reduce the threat (such as investing in other energy sources) we'd be in a better position, we could be at a point to change the relationship at reduced risk. We didn't, and we need to face the concrete realities we're supporting out of fear of hypotheticals.
Because now we may be safer, but we're supporting what we proclaim to be against. When we wield moral superiority, it's undercut. When we tell our children to be patriotic, we know the legacy we're leaving them.
Since the start of the cold war middle eastern states have balanced/played off against each other between the US (and the west) and Russia (previously USSR) when it comes to weapons and lots of other things.
I mean the Egyptians had soviet supplied fighters flown by actual soviet pilots fighting against the Isreali's in American and French supplied air craft.
The US sold Israel better fighters, the soviets sold their potential enemies better SAM's.
Or Are you not aware that the monarchy is already Islamic, of the kind least tolerant towards personal freedoms?
What's your point?
Some of them turned around and treated people who didn't fit in with them even worse than they themselves had been treated when in Europe. I can think of a couple groups who, in retrospect, the natives should have killed on day 1.
The Ruler is now not at fault, because God told, and used, the Ruler to do the deed. The Ruler is absolved of responsibility - God's Will.
...do you see and understand the difference?
Also, "unwavering ally" and "we'll remove their state and let the country fall into civil war" aren't the only options on the table.
Of course it’s possible Iraq would’ve gone different without the Coalition Provisional Authority’s early orders.
If the last several dictators ousted from nations in the middle east teaches us anything it's that we do not want the hydra. It cost trillions of dollars and thousands of lives to dump all the crap out of the Iraq vacuum. Egypt was teetering on the edge for quite awhile after the arab spring. Libya is still in ruins. Syria speaks for itself. Afghanistan is slipping back into Taliban control. Every time we touch it it gets worse.
While I think we can all agree that totalitarian rulers are not the global maximum they seem to be a pretty clear local maximum in the middle east. The situations that develop in their absence are so much worse on a "suffering per time" basis that it's basically impossible to justify trying to oust them.
I believe you're right on the money with your point about a local maximum.
Even a bad ruler is better than anomie, especially for local minorities. The yazidis may not have been happy with Assad or Saddam, but I'm pretty sure they preferred them to ISIS and similar groups.
there are many undesirable countries to do business with, so what is the distinction to be made? To be honest businesses that work in either should be challenged both at investor meetings and online.
It sounds better to say you're invading a country to bring freedom to its people then to say you're invading to take their oil.
Result: Many people's location is erroneous data. No single person's use of the service is suspicious and merely reflecting a societal sentiment for privacy. Maybe some of the charging is done with renewable energy.
It’s called putting your old phone on eBay and buying a new (to you) one.
It really confuses the Saudi intelligence forces when they find a random dude instead of a Saudi runaway.
What I would like is to take advantage of some European mobile providers that have excellent roaming rates in Canada. Prices so good that a local Canadian could only dream of. I’d have 2 SIMs and put one in an rs232 interface each month that interfaces to a phone in EU so they don’t ban me for not spending enough time in the home country.
randomly roaming around would not
Most of my communication is through apps. I don't think not having a number would make a huge difference
But everything you said still applies: why does my phone need a serial number that it phones “home” with?
Then things like this get used in such a way.
Historical reasons about the Iranian revolution, cia supporting coups, etc.
Saudis and other strict regimes should look into changes that enforces protection and rights and freedom for women. The more well educated and economically integrated women are (along with men), it is better for society.
Things have started to turn corner now - media and social activists have rightly pressed case for empowering women and there are number of influential Pakistani female politicians now. Government have started silencing hardliners and have started distancing themselves.
I hope that soon Pakistanis start pushing their girls for better education and to start females to work at all levels of Pakistani economy. This is one thing that is really killing Pakistani economy and is prime reason behind our high population growth. As a Pakistani man, I see good things hopefully for women in Pakistan.
Also, very important we support Saudi/US war on Yemen and Iran. Gosh those folks are simply barbaric cavemen types!
I can imagine supplying some needy soul with a phone kitted out with a different country's international roaming plan, so that that IMEI was never registered locally, nor associated with a Saudi citizen.
The real solution is to buy a burner phone, but I don't know how easy that is for a woman in the KSA.
I've been taking you literally, just for giggles, but I actually get what you're talking about. But I only said the solution to being tracked is to separate from the phone. You're saying that's not a good solution to the problem because it doesn't also solve the (I would say separate) problem of making people aware of itself. But most solutions are like that. If you don't know about light bulbs, you can't decide to use them, therefore light bulbs are a bad solution to darkness? No, they solve darkness just fine; they just don't solve "awareness of light bulbs" very well.
Do they also give medals for bravery for that?
When the persecution of a certain group of humans is this direct and the consequences of capture so severe, I think the semantics of help are irrelevant until the danger is resolved.
> Saudi Arabia tracks runaway women by cellphone IMEI
> Engaging security forces to chase women
I'm sorry, what's the need to rephrase?