Having a hardware-embedded unique ID that can be (is) used for tracking a known person's location at all times is probably the most intrusive privacy violation we've ever had. That we willingly carry these things around and naively throw the repercussions out the window is the result of the death by a thousand cuts.
We've long lost the war on privacy.
Meanwhile, nobody has ever said anything about the serial numbers of hard drives, GPUs, motherboards, RAM modules, Ethernet MAC address, etc, etc, etc. Nowadays, basically everything comes with one UUID.
Pretty illogical, isn't it?
> We've long lost the war on privacy.
Agree. I understand UUID is important in engineering for many purposes, but the fact that nobody is talking about it anymore (because they are nothing when compared to more severe issues like fingerprinting) indicates we've long lost the war on privacy.
It’s not like any of these are phoning home (I hope), or married together, so there’s nothing to kill clones.
It will be an amazing video, but good luck if the device in question has (very likely):
* a mask-ROM / OTP-ROM for a serial number - almost all microcontrollers and EEPROMs sold nowadays have at least one permanent and unchangeable UUID for hardware tracking and DRM implementation (security-through-obscurity tricks to prevent rogue competitors from copying your firmware).
* "firmware read-protection" - which means the only way to dump the EEPROM is performing a full-chip erase and destroying the entire firmware, commonly used in embedded systems to stop rogue competitors from copying your firmware.
In many cases, this isn't for anything user-facing. Unique ID chips can be very useful for detecting factory-overrun counterfeits ("oh, your $widget does this notable, nonfunctional behavior? Where did you purchase it, perchance?").
Firmware is largely closed-source, so all you can do is hope.
When purchased, it had an IMEI of all zeroes, and came with a step by step guide to setting the IMEI from my old phone into it.
Apparently that works around phone providers who blacklist or whitelist certain manufacturers.
It's an awesome Chinese $50 android phone.
Because it hasn't passed all the network tests, most mobile networks would block an entirely random IMEI, so they suggest you type in the IMEI from your old phone (as long as it's 4g - if it isn't, they have a support email address you can contact and they'll give you an IMEI that works in your country)
Even the legit Umidigi A3 Pros (which cost $80, and have proper certifications) have an 'imei change' tool.
Let's not forget every single page printed by a color printer.
BTW, how does Windows hash your hardware serial numbers for DRM nowadays? I haven't used and checked it for a long time. Is it still the harddrive and the motherboard?
Don't run spyware on purpose.
Couldn't that be ... any software?
My impression is that there used to be more awareness, concern, and forward-looking/vision about such things.
(I even recall techies being shunned for doing the tiniest fraction of invasiveness/recklessness that some major companies do today, yet those companies are now regarded as prestigious places for techies to work.)
I remember uninstalling software and dismissing it as spyware for just phoning home. The very idea of a program regularly pinging some remote host to indicate that your machine was turned on and connected to the internet was offensive. Now basically every program does this, usually excused as checking for updates.
I think a lot of the problem was as it got easier for people to get online more and more people were using the internet who didn't understand the technology or how it could be used against them. They didn't care about anything but checking sports scores and online shopping and it let companies get away with taking advantage of them in ways the old nerds would never have accepted and once those nerds were vastly outnumbered by people who didn't know or care about privacy abuses the nerds no longer mattered.
But how have I formed this perspective, about a social trend? It's my own extrapolation based on... anecdotes and social media, I guess. So it's hard to know if that picture (the before, after, or how things may have changed) is accurate.
You should look for tutorials on Wireshark or better yet get a Pi-hole and block ads over your entire network while you get trustworthy stats on where your traffic is going. That's probably the easier and more useful option. Casual packet inspection used to be much easier. Common traffic like HTTP, DNS, or SMTP is increasingly encrypted, but it used to be that you'd see everything pass over the wire plainly. A lot of the data companies send home is encrypted too so you might be able to identify which apps or programs are generating the most traffic or sending it to the same shady destinations, but don't expect to see what data they are collecting from watching the network.
Windows at least lets me mark a Wi-Fi network as metered today, which is a kind of global suggestion that "unnecessary downloads literally cost me money" - but I don't even know how much software except the OS itself cares.
So does the future belong to those who can administer the "thousand cuts?" In 2019, that means those who own the Cloud server farms and control the organizations that hire hordes of programmers. Does that mean that privacy is dead by an inexorable process? Doesn't that imply that individual liberty is also, eventually, dead?
How can we, the people, administer the thousand cuts?
> Doesn't that imply that individual liberty is also, eventually, dead?
> How can we, the people, administer the thousand cuts?
Stop carrying a cell phone.
There was a brief period of time, from 1990 to 8:40 AM, September 11th, 2001, when you could do all sorts of stuff online, and the powers that be either didn't, or couldn't, monitor it. That's changed, and that freedom will never come back.
However, no matter how bad the modern surveillance state gets, contrast it to the ancestral environment: a village of 50 to 200 people, most of whom are related to you, watch your every move, and can determine if you live or die. Hunter gatherers don't even have a word for "privacy". It would take real creativity for things to get that bad today.
The belief that September 11 brought in the dark times overlooks the actual history of things. The European Parliament’s ECHELON report, which detailed American massive interception and storage of internet and other electronics communications, was released in 2000. John Young’s website Cryptome was discussing the same stuff pre-9/11 that you found from people like Bruce Schneier afterwards. The revelations may not have been as big in the news like Snowden later, but it was well known that the NSA had rolled out extensive surveillance already by the turn of the millennium.
It is easily as bad or worse. Those 50-200 people knew and cared for each other, and depended on each other, and the surveillance was bidirectional. Whereas now you are monitored by actors almost entirely beyond your reach, that will feel no remorse in crushing you, should the command be given by whoever is in control.
Which may ultimately be a poorly tested, bias-ridden bit of AI code.
Rather than 1984, the future we need to worry about will probably be more like something from Kafka.
This morning, I learned of a YouTuber with zero strikes, who followed all of the stated rules, who proactively deleted all of his demonetized videos, and yet still had his channel deleted. (1) If you talk to YouTubers, many of them, even mainstream ones, especially successful ones, will tell you that being governed on that platform is indeed Kafkaesque.
(1) - Black Pigeon Speaks. All of his opinions that I listened to were trash, but I still think he had the right to express them.
It already is controlled by a poorly tested, bias-ridden, strange AI system, called the market.
How about stop using the Internet, driving a car, and participating in the economy? I don't think that helps.
And then people go to extremes with Tor, Noscript, Bitcoin and the like which would be completely unnecessary if the basic privacy requirements were fulfilled.
A bit of unnecessary FUD alarmism here. Seems like today's answer is no, probably not. It's just very difficult, requiring (i.e.) policy changes and mass adoption and transparent phone companies willing to not do dirty things with cellphones. I still think humanity can figure something out, people just have to step up.
The IMSI identifies the subscriber (and/or the SIM card) even if you change phone.
As long as people are able to call and be called and as long as people need to be billed there has to be a reliable form of identification.
This is not an "intrusive privacy violation", it is, as you point out, a technical requirement of our willingness to be reachable and most people think that the benefits far outweigh the very limited drawbacks.
Secrecy of user nyms is trivially solved by existing mix networks (e.g. Tor onion services). Network access/billing could be solved by blinded signature tokens or some other untraceable bearer instrument. Implementing the latter would take cooperation from the network provider, or at least an MVNO and SIM manufacturer, but it is indeed possible.
This is the danger inherent to full enumeration of the technologically enabled envelope. This is also the danger of the "market"; as it incentivized the ability to clearly specify the "who" of the customer.
It's why I've been getting increasingly uncomfortable with the economic push away from cash as the primary medium of economic exchange.
The death of the payphone marked the beginning of the end for infrastructure that wasn't in some way dependent or useful as a means of user surveillance.